diff options
author | Mark Spencer <markster@digium.com> | 2004-07-30 20:01:58 +0000 |
---|---|---|
committer | Mark Spencer <markster@digium.com> | 2004-07-30 20:01:58 +0000 |
commit | 57b6515d825288cf7acd7cd19c7e1f0c84590767 (patch) | |
tree | a0e5bc44130b6be35ca36ebda3e9260dba5eeae4 /channels | |
parent | e786eae3cda0cd77ab4430351fc23d03d5f5b180 (diff) |
Fix potential overflow in H.323
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@3543 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'channels')
-rwxr-xr-x | channels/chan_h323.c | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/channels/chan_h323.c b/channels/chan_h323.c index 2591965b3..9bd35f0ea 100755 --- a/channels/chan_h323.c +++ b/channels/chan_h323.c @@ -173,6 +173,9 @@ AST_MUTEX_DEFINE_STATIC(usecnt_lock); when it's doing something critical. */ AST_MUTEX_DEFINE_STATIC(monlock); +/* Avoid two chan to pass capabilities simultaneaously to the h323 stack. */ +AST_MUTEX_DEFINE_STATIC(caplock); + /* This is the thread for the monitor which checks for input on the channels which are not currently in use. */ static pthread_t monitor_thread = AST_PTHREADT_NULL; @@ -423,6 +426,11 @@ static int oh323_call(struct ast_channel *c, char *dest, int timeout) ast_log(LOG_DEBUG, "dest=%s, timeout=%d.\n", dest, timeout); + if (strlen(dest) > sizeof(called_addr) - 1) { + ast_log(LOG_DEBUG, "Destination is too long (%d)\n", strlen(dest)); + return -1; + } + if ((c->_state != AST_STATE_DOWN) && (c->_state != AST_STATE_RESERVED)) { ast_log(LOG_WARNING, "Line is already in use (%s)\n", c->name); return -1; @@ -443,8 +451,8 @@ static int oh323_call(struct ast_channel *c, char *dest, int timeout) } /* Build the address to call */ - memset(called_addr, 0, sizeof(dest)); - memcpy(called_addr, dest, sizeof(called_addr)); + memset(called_addr, 0, sizeof(called_addr)); + memcpy(called_addr, dest, strlen(dest)); /* Copy callerid, if there is any */ if (c->callerid) { @@ -890,7 +898,9 @@ static struct ast_channel *oh323_request(char *type, int format, void *data) } } /* pass on our preferred codec to the H.323 stack */ + ast_mutex_lock(&caplock); h323_set_capability(format, dtmfmode); + ast_mutex_unlock(&caplock); if (ext) { strncpy(p->username, ext, sizeof(p->username) - 1); @@ -1725,6 +1735,7 @@ int reload_config(void) } cat = ast_category_browse(cfg, cat); } + ast_destroy(cfg); /* Register our H.323 aliases if any*/ while (alias) { @@ -1736,11 +1747,13 @@ int reload_config(void) } /* Add some capabilities */ + ast_mutex_lock(&caplock); if(h323_set_capability(capability, dtmfmode)) { ast_log(LOG_ERROR, "Capabilities failure, this is bad.\n"); + ast_mutex_unlock(&caplock); return -1; - } - ast_destroy(cfg); + } + ast_mutex_unlock(&caplock); return 0; } |