diff options
author | Matthew Jordan <mjordan@digium.com> | 2013-01-03 15:37:31 +0000 |
---|---|---|
committer | Matthew Jordan <mjordan@digium.com> | 2013-01-03 15:37:31 +0000 |
commit | 8bf1f1745ba5681b6457010c0c56218e3db6e803 (patch) | |
tree | b5e2d58f182ff2f7bfd2c5770f636b46d99b1ed3 /res | |
parent | 473ec0b1c3d05596c8b00d39aa00e4dfafe7d387 (diff) |
Prevent crashes in res_xmpp when receiving large messages
Similar to r378287, res_xmpp was marshaling data read from an external source
onto the stack. For a sufficiently large message, this could cause a stack
overflow. This patch modifies res_xmpp in a similar fashion to res_jabber by
removing the stack allocation, as it was unnecessary.
(issue ASTERISK-20658)
Reported by: wdoekes
........
Merged revisions 378409 from http://svn.asterisk.org/svn/asterisk/branches/11
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@378410 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'res')
-rw-r--r-- | res/res_xmpp.c | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/res/res_xmpp.c b/res/res_xmpp.c index 77369c487..d490ee516 100644 --- a/res/res_xmpp.c +++ b/res/res_xmpp.c @@ -1846,7 +1846,7 @@ static int acf_jabberreceive_read(struct ast_channel *chan, const char *name, ch { RAII_VAR(struct xmpp_config *, cfg, ao2_global_obj_ref(globals), ao2_cleanup); RAII_VAR(struct ast_xmpp_client_config *, clientcfg, NULL, ao2_cleanup); - char *aux = NULL, *parse = NULL; + char *parse = NULL; int timeout, jidlen, resourcelen, found = 0; struct timeval start; long diff = 0; @@ -1960,7 +1960,7 @@ static int acf_jabberreceive_read(struct ast_channel *chan, const char *name, ch continue; } found = 1; - aux = ast_strdupa(message->message); + ast_copy_string(buf, message->message, buflen); AST_LIST_REMOVE_CURRENT(list); xmpp_message_destroy(message); break; @@ -1984,7 +1984,6 @@ static int acf_jabberreceive_read(struct ast_channel *chan, const char *name, ch ast_log(LOG_NOTICE, "Timed out : no message received from %s\n", args.jid); return -1; } - ast_copy_string(buf, aux, buflen); return 0; } |