author | Scott Griepentrog <sgriepentrog@digium.com> | 2014-12-09 20:46:17 +0000 |
---|---|---|
committer | Scott Griepentrog <sgriepentrog@digium.com> | 2014-12-09 20:46:17 +0000 |
commit | 22a91bf69839f5a5191342c1e508cb8fd7d86d50 (patch) | |
tree | b590682278577ef7ca4c79d46beb9954c0a9bd01 /main/asterisk.c | |
parent | 2f21f85c3733ff633937549c3ba8983df0636dce (diff) |
core: avoid possible asterisk -r crash from long id
When connecting to the remote console, an id string
is first provided that consists of the hostname, pid,
and version. This is parsed by the remote instance
using a buffer that may be too short, and can allow
a buffer overrun because it is not terminated. This
patch adds termination and a larger buffer.
Review: https://reviewboard.asterisk.org/r/4182/
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/13@429223 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'main/asterisk.c')
-rw-r--r-- | main/asterisk.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/main/asterisk.c b/main/asterisk.c index 1c6994280..0a5ab1335 100644 --- a/main/asterisk.c +++ b/main/asterisk.c @@ -3200,7 +3200,7 @@ static int ast_el_read_history(char *filename) static void ast_remotecontrol(char *data) { - char buf[80]; + char buf[256] = ""; int res; char filename[80] = ""; char *hostname; @@ -3217,7 +3217,7 @@ static void ast_remotecontrol(char *data) signal(SIGTERM, __remote_quit_handler); signal(SIGHUP, __remote_quit_handler); - if (read(ast_consock, buf, sizeof(buf)) < 0) { + if (read(ast_consock, buf, sizeof(buf) - 1) < 0) { ast_log(LOG_ERROR, "read() failed: %s\n", strerror(errno)); return; } |
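Review bot: in the first hunk, at the declaration `char buf[256] = "";`, the initializer is what now guarantees the terminator (it zero-fills the array, and the read in the second hunk is capped at sizeof(buf) - 1), but nothing in the code says so. A one-line comment at the declaration would keep a later cleanup from dropping the initializer and reintroducing the unterminated buffer. The neighbouring `char filename[80]` is unchanged, so it is also worth confirming that nothing parsed out of the larger buf is later copied into an 80-byte destination without a length limit.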
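Review bot: in the second hunk, the result of `read(ast_consock, buf, sizeof(buf) - 1)` is only compared against 0 and the byte count is discarded, so termination depends entirely on the zero initializer at the declaration, and a return of 0 (peer closed the socket) passes the check and continues with an empty id string. Consider storing the count in the already declared `res`, treating `res <= 0` as a failure, and setting `buf[res] = '\0'` explicitly; the sizeof(buf) - 1 limit already leaves room for that byte.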