From 642bec4d6fea7afad99b6a4853418081137a48ba Mon Sep 17 00:00:00 2001
From: Tilghman Lesher
Date: Mon, 10 Aug 2009 19:20:57 +0000
Subject: AST-2009-005
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@211539 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 res/ael/pval.c | 8 ++++----
 res/res_agi.c | 24 ++++++++++++------------
 res/res_config_curl.c | 8 ++++----
 res/res_config_ldap.c | 4 ++--
 res/res_config_pgsql.c | 4 ++--
 res/res_config_sqlite.c | 2 +-
 res/res_http_post.c | 4 ++--
 res/res_limit.c | 2 +-
 res/res_musiconhold.c | 2 +-
 res/res_odbc.c | 4 ++--
 res/res_smdi.c | 8 ++++----
 res/snmp/agent.c | 2 +-
 12 files changed, 36 insertions(+), 36 deletions(-)
(limited to 'res')
diff --git a/res/ael/pval.c b/res/ael/pval.c
index 20e5eddc3..dc1678616 100644
--- a/res/ael/pval.c
+++ b/res/ael/pval.c
@@ -860,12 +860,12 @@ static void check_timerange(pval *p)
 p->filename, p->startline, p->endline, p->u1.str);
 warns++;
 }
- if (sscanf(times, "%d:%d", &s1, &s2) != 2) {
+ if (sscanf(times, "%2d:%2d", &s1, &s2) != 2) {
 ast_log(LOG_WARNING, "Warning: file %s, line %d-%d: The start time (%s) isn't quite right!\n",
 p->filename, p->startline, p->endline, times);
 warns++;
 }
- if (sscanf(e, "%d:%d", &e1, &e2) != 2) {
+ if (sscanf(e, "%2d:%2d", &e1, &e2) != 2) {
 ast_log(LOG_WARNING, "Warning: file %s, line %d-%d: The end time (%s) isn't quite right!\n",
 p->filename, p->startline, p->endline, times);
 warns++;
@@ -957,7 +957,7 @@ static void check_day(pval *DAY)
 c++;
 }
 /* Find the start */
- if (sscanf(day, "%d", &s) != 1) {
+ if (sscanf(day, "%2d", &s) != 1) {
 ast_log(LOG_WARNING, "Warning: file %s, line %d-%d: The start day of month (%s) must be a number!\n",
 DAY->filename, DAY->startline, DAY->endline, day);
 warns++;
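Review bot: In check_timerange in res/ael/pval.c, the end-time warning still passes `times` as its last argument, so a malformed end time appears to be reported with the start-time string; the call that follows `sscanf(e, "%2d:%2d", &e1, &e2)` should end `p->filename, p->startline, p->endline, e);`. Both failure branches only do `warns++`, and the function continues outside the hunk, so whether s1/s2 or e1/e2 are read afterwards without having been set cannot be confirmed from here.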
@@ -969,7 +969,7 @@ static void check_day(pval *DAY)
 }
 s--;
 if (c) {
- if (sscanf(c, "%d", &e) != 1) {
+ if (sscanf(c, "%2d", &e) != 1) {
 ast_log(LOG_WARNING, "Warning: file %s, line %d-%d: The end day of month (%s) must be a number!\n",
 DAY->filename, DAY->startline, DAY->endline, c);
 warns++;
diff --git a/res/res_agi.c b/res/res_agi.c
index 164c5ec62..3141ca443 100644
--- a/res/res_agi.c
+++ b/res/res_agi.c
@@ -1606,7 +1606,7 @@ static int handle_waitfordigit(struct ast_channel *chan, AGI *agi, int argc, con
 if (argc != 4)
 return RESULT_SHOWUSAGE;
- if (sscanf(argv[3], "%d", &to) != 1)
+ if (sscanf(argv[3], "%30d", &to) != 1)
 return RESULT_SHOWUSAGE;
 res = ast_waitfordigit_full(chan, to, agi->audio, agi->ctrl);
 ast_agi_send(agi->fd, chan, "200 result=%d\n", res);
@@ -1725,7 +1725,7 @@ static int handle_controlstreamfile(struct ast_channel *chan, AGI *agi, int argc
 stop = argv[4];
 }
- if ((argc > 5) && (sscanf(argv[5], "%d", &skipms) != 1)) {
+ if ((argc > 5) && (sscanf(argv[5], "%30d", &skipms) != 1)) {
 return RESULT_SHOWUSAGE;
 }
@@ -1761,7 +1761,7 @@ static int handle_streamfile(struct ast_channel *chan, AGI *agi, int argc, const
 if (argv[3])
 edigits = argv[3];
- if ((argc > 4) && (sscanf(argv[4], "%ld", &sample_offset) != 1))
+ if ((argc > 4) && (sscanf(argv[4], "%30ld", &sample_offset) != 1))
 return RESULT_SHOWUSAGE;
 if (!(fs = ast_openstream(chan, argv[2], chan->language))) {
@@ -1873,7 +1873,7 @@ static int handle_saynumber(struct ast_channel *chan, AGI *agi, int argc, const
 if (argc < 4 || argc > 5)
 return RESULT_SHOWUSAGE;
- if (sscanf(argv[2], "%d", &num) != 1)
+ if (sscanf(argv[2], "%30d", &num) != 1)
 return RESULT_SHOWUSAGE;
 res = ast_say_number_full(chan, num, argv[3], chan->language, argc > 4 ? argv[4] : NULL, agi->audio, agi->ctrl);
 if (res == 1)
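Review bot: In handle_waitfordigit in res/res_agi.c, `sscanf(argv[3], "%30d", &to)` bounds the field width but still accepts up to 30 digits, far more than an int can hold, and the C standard leaves the result of a scanf conversion that cannot be represented undefined. The same holds for the other `%30d`, `%30ld` and `%30lf` conversions of AGI arguments in this file (handle_controlstreamfile, handle_streamfile, handle_saynumber and the handlers in the later hunks). These strings come from the AGI script, so a range-checked parse is the safer form, for example `errno = 0; v = strtol(argv[3], &end, 10);` followed by `if (end == argv[3] || errno == ERANGE || v < INT_MIN || v > INT_MAX) return RESULT_SHOWUSAGE;`. The handler bodies start and end outside the hunks.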
@@ -1888,7 +1888,7 @@ static int handle_saydigits(struct ast_channel *chan, AGI *agi, int argc, const
 if (argc != 4)
 return RESULT_SHOWUSAGE;
- if (sscanf(argv[2], "%d", &num) != 1)
+ if (sscanf(argv[2], "%30d", &num) != 1)
 return RESULT_SHOWUSAGE;
 res = ast_say_digit_str_full(chan, argv[2], argv[3], chan->language, agi->audio, agi->ctrl);
@@ -1918,7 +1918,7 @@ static int handle_saydate(struct ast_channel *chan, AGI *agi, int argc, const ch
 if (argc != 4)
 return RESULT_SHOWUSAGE;
- if (sscanf(argv[2], "%d", &num) != 1)
+ if (sscanf(argv[2], "%30d", &num) != 1)
 return RESULT_SHOWUSAGE;
 res = ast_say_date(chan, num, argv[3], chan->language);
 if (res == 1)
@@ -1933,7 +1933,7 @@ static int handle_saytime(struct ast_channel *chan, AGI *agi, int argc, const ch
 if (argc != 4)
 return RESULT_SHOWUSAGE;
- if (sscanf(argv[2], "%d", &num) != 1)
+ if (sscanf(argv[2], "%30d", &num) != 1)
 return RESULT_SHOWUSAGE;
 res = ast_say_time(chan, num, argv[3], chan->language);
 if (res == 1)
@@ -2043,7 +2043,7 @@ static int handle_setpriority(struct ast_channel *chan, AGI *agi, int argc, cons
 if (argc != 3)
 return RESULT_SHOWUSAGE;
- if (sscanf(argv[2], "%d", &pri) != 1) {
+ if (sscanf(argv[2], "%30d", &pri) != 1) {
 if ((pri = ast_findlabel_extension(chan, chan->context, chan->exten, argv[2], chan->cid.cid_num)) < 1)
 return RESULT_SHOWUSAGE;
 }
@@ -2074,7 +2074,7 @@ static int handle_recordfile(struct ast_channel *chan, AGI *agi, int argc, const
 if (argc < 6)
 return RESULT_SHOWUSAGE;
- if (sscanf(argv[5], "%d", &ms) != 1)
+ if (sscanf(argv[5], "%30d", &ms) != 1)
 return RESULT_SHOWUSAGE;
 if (argc > 6)
@@ -2115,7 +2115,7 @@ static int handle_recordfile(struct ast_channel *chan, AGI *agi, int argc, const
 /* backward compatibility, if no offset given, arg[6] would have been
 * caught below and taken to be a beep, else if it is a digit then it is a
 * offset */
- if ((argc >6) && (sscanf(argv[6], "%ld", &sample_offset) != 1) && (!strchr(argv[6], '=')))
+ if ((argc >6) && (sscanf(argv[6], "%30ld", &sample_offset) != 1) && (!strchr(argv[6], '=')))
 res = ast_streamfile(chan, "beep", chan->language);
 if ((argc > 7) && (!strchr(argv[7], '=')))
@@ -2237,7 +2237,7 @@ static int handle_autohangup(struct ast_channel *chan, AGI *agi, int argc, const
 if (argc != 3)
 return RESULT_SHOWUSAGE;
- if (sscanf(argv[2], "%lf", &timeout) != 1)
+ if (sscanf(argv[2], "%30lf", &timeout) != 1)
 return RESULT_SHOWUSAGE;
 if (timeout < 0)
 timeout = 0;
@@ -2437,7 +2437,7 @@ static int handle_verbose(struct ast_channel *chan, AGI *agi, int argc, const ch
 return RESULT_SHOWUSAGE;
 if (argv[2])
- sscanf(argv[2], "%d", &level);
+ sscanf(argv[2], "%30d", &level);
 ast_verb(level, "%s: %s\n", chan->data, argv[1]);
diff --git a/res/res_config_curl.c b/res/res_config_curl.c
index 928a6ae3b..95b1589e2 100644
--- a/res/res_config_curl.c
+++ b/res/res_config_curl.c
@@ -270,7 +270,7 @@ static int update_curl(const char *url, const char *unused, const char *keyfield
 while (*stringp <= ' ') {
 stringp++;
 }
- sscanf(stringp, "%d", &rowcount);
+ sscanf(stringp, "%30d", &rowcount);
 if (rowcount >= 0) {
 return (int)rowcount;
@@ -334,7 +334,7 @@ static int update2_curl(const char *url, const char *unused, va_list ap)
 while (*stringp <= ' ') {
 stringp++;
 }
- sscanf(stringp, "%d", &rowcount);
+ sscanf(stringp, "%30d", &rowcount);
 if (rowcount >= 0) {
 return (int)rowcount;
@@ -395,7 +395,7 @@ static int store_curl(const char *url, const char *unused, va_list ap)
 while (*stringp <= ' ') {
 stringp++;
 }
- sscanf(stringp, "%d", &rowcount);
+ sscanf(stringp, "%30d", &rowcount);
 if (rowcount >= 0) {
 return rowcount;
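Review bot: In update_curl in res/res_config_curl.c, the skip loop `while (*stringp <= ' ')` does not stop at the terminating NUL, so an empty or all-whitespace reply from the remote server lets `stringp` advance past the end of the buffer before `sscanf` reads from it (assuming the buffer is NUL-terminated; it is set up outside the hunk). Where `char` is signed, bytes of 0x80 and above are skipped as well. The loop could be written `while (*stringp && (unsigned char)*stringp <= ' ')`, and the `sscanf` result should be compared with 1 so that a non-numeric reply does not leave `rowcount` at whatever value it held before. The same lines appear in update2_curl, store_curl and destroy_curl.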
@@ -461,7 +461,7 @@ static int destroy_curl(const char *url, const char *unused, const char *keyfiel
 while (*stringp <= ' ') {
 stringp++;
 }
- sscanf(stringp, "%d", &rowcount);
+ sscanf(stringp, "%30d", &rowcount);
 if (rowcount >= 0) {
 return (int)rowcount;
diff --git a/res/res_config_ldap.c b/res/res_config_ldap.c
index e0cb5946b..aabd18a60 100644
--- a/res/res_config_ldap.c
+++ b/res/res_config_ldap.c
@@ -1597,7 +1597,7 @@ int parse_config(void)
 if ((s = ast_variable_retrieve(config, "_general", "url"))) {
 ast_copy_string(url, s, sizeof(url));
 } else if ((host = ast_variable_retrieve(config, "_general", "host"))) {
- if (!(s = ast_variable_retrieve(config, "_general", "port")) || sscanf(s, "%d", &port) != 1) {
+ if (!(s = ast_variable_retrieve(config, "_general", "port")) || sscanf(s, "%5d", &port) != 1 || port > 65535) {
 ast_log(LOG_NOTICE, "No directory port found, using 389 as default.\n");
 port = 389;
 }
@@ -1618,7 +1618,7 @@ int parse_config(void)
 if (!(s = ast_variable_retrieve(config, "_general", "version")) && !(s = ast_variable_retrieve(config, "_general", "protocol"))) {
 ast_log(LOG_NOTICE, "No explicit LDAP version found, using 3 as default.\n");
 version = 3;
- } else if (sscanf(s, "%d", &version) != 1 || version < 1 || version > 6) {
+ } else if (sscanf(s, "%30d", &version) != 1 || version < 1 || version > 6) {
 ast_log(LOG_WARNING, "Invalid LDAP version '%s', using 3 as default.\n", s);
 version = 3;
 }
diff --git a/res/res_config_pgsql.c b/res/res_config_pgsql.c
index f4f42e6da..9ba6e9768 100644
--- a/res/res_config_pgsql.c
+++ b/res/res_config_pgsql.c
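Review bot: In parse_config in res/res_config_ldap.c, the new port test has an upper bound only: `%5d` accepts a sign, so a configured value such as `-1` or `0` passes `port > 65535` and is used as the LDAP port. Adding a lower bound, `sscanf(s, "%5d", &port) != 1 || port < 1 || port > 65535`, rejects it in the same way the version check below already bounds both ends. The fallback message still reads "No directory port found" when a port was present but invalid, which makes a misconfiguration harder to spot in the log.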
@@ -175,10 +175,10 @@ static struct tables *find_table(const char *tablename)
 if (strcmp(flen, "-1") == 0) {
 /* Some types, like chars, have the length stored in a different field */
 flen = PQgetvalue(result, i, 5);
- sscanf(flen, "%d", &column->len);
+ sscanf(flen, "%30d", &column->len);
 column->len -= 4;
 } else {
- sscanf(flen, "%d", &column->len);
+ sscanf(flen, "%30d", &column->len);
 }
 column->name = (char *)column + sizeof(*column);
 column->type = (char *)column + sizeof(*column) + strlen(fname) + 1;
diff --git a/res/res_config_sqlite.c b/res/res_config_sqlite.c
index 611330f09..39564100c 100644
--- a/res/res_config_sqlite.c
+++ b/res/res_config_sqlite.c
@@ -805,7 +805,7 @@ static int cdr_handler(struct ast_cdr *cdr)
 if (!tmp) {
 continue;
 }
- if (sscanf(tmp, "%d", &scannum) == 1) {
+ if (sscanf(tmp, "%30d", &scannum) == 1) {
 ast_str_append(&sql1, 0, "%s%s", first ? "" : ",", col->name);
 ast_str_append(&sql2, 0, "%s%d", first ? "" : ",", scannum);
 }
diff --git a/res/res_http_post.c b/res/res_http_post.c
index 74e249b33..4a3416252 100644
--- a/res/res_http_post.c
+++ b/res/res_http_post.c
@@ -320,7 +320,7 @@ static int http_post_callback(struct ast_tcptls_session_instance *ser, const str
 cookies = ast_http_get_cookies(headers);
 for (var = cookies; var; var = var->next) {
 if (!strcasecmp(var->name, "mansession_id")) {
- sscanf(var->value, "%lx", &ident);
+ sscanf(var->value, "%30lx", &ident);
 break;
 }
 }
@@ -347,7 +347,7 @@ static int http_post_callback(struct ast_tcptls_session_instance *ser, const str
 fprintf(f, "%s: %s\r\n", var->name, var->value);
 if (!strcasecmp(var->name, "Content-Length")) {
- if ((sscanf(var->value, "%u", &content_len)) != 1) {
+ if ((sscanf(var->value, "%30u", &content_len)) != 1) {
 ast_log(LOG_ERROR, "Invalid Content-Length in POST request!\n");
 fclose(f);
 ast_http_error(ser, 500, "Internal server error", "Invalid Content-Length in POST request!");
diff --git a/res/res_limit.c b/res/res_limit.c
index f3ec856d3..03c97b0e5 100644
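Review bot: In http_post_callback in res/res_http_post.c, `sscanf(var->value, "%30u", &content_len)` parses a Content-Length header supplied by the client, and `%u` accepts a leading minus sign and wraps the value, so a header of `-1` parses successfully as a very large length; up to 30 digits are accepted although the destination cannot represent them. How `content_len` is used lies outside the hunk, but a size taken from the request should be refused unless it starts with a digit and stays under an explicit maximum, e.g. `if (!isdigit((unsigned char)var->value[0]) || sscanf(var->value, "%30u", &content_len) != 1)`. The `mansession_id` parse in the previous hunk ignores the `sscanf` result, so `ident` keeps its earlier value when the cookie is not hexadecimal.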
--- a/res/res_limit.c
+++ b/res/res_limit.c
@@ -179,7 +179,7 @@ static char *handle_cli_ulimit(struct ast_cli_entry *e, int cmd, struct ast_cli_
 return CLI_FAILURE;
 }
- sscanf(a->argv[2], "%d", &x);
+ sscanf(a->argv[2], "%30d", &x);
 rlimit.rlim_max = rlimit.rlim_cur = x;
 setrlimit(resource, &rlimit);
 return CLI_SUCCESS;
diff --git a/res/res_musiconhold.c b/res/res_musiconhold.c
index 67154fde6..beb9e9578 100644
--- a/res/res_musiconhold.c
+++ b/res/res_musiconhold.c
@@ -651,7 +651,7 @@ static int play_moh_exec(struct ast_channel *chan, const char *data)
 AST_STANDARD_APP_ARGS(args, parse);
 if (!ast_strlen_zero(args.duration)) {
- if (sscanf(args.duration, "%d", &timeout) == 1) {
+ if (sscanf(args.duration, "%30d", &timeout) == 1) {
 timeout *= 1000;
 } else {
 ast_log(LOG_WARNING, "Invalid MusicOnHold duration '%s'. Will wait indefinitely.\n", args.duration);
diff --git a/res/res_odbc.c b/res/res_odbc.c
index 5a651df01..2fec8884e 100644
--- a/res/res_odbc.c
+++ b/res/res_odbc.c
@@ -771,7 +771,7 @@ static int load_odbc_config(void)
 if (ast_false(v->value))
 pooling = 1;
 } else if (!strcasecmp(v->name, "limit")) {
- sscanf(v->value, "%d", &limit);
+ sscanf(v->value, "%30d", &limit);
 if (ast_true(v->value) && !limit) {
 ast_log(LOG_WARNING, "Limit should be a number, not a boolean: '%s'. Setting limit to 1023 for ODBC class '%s'.\n", v->value, cat);
 limit = 1023;
@@ -781,7 +781,7 @@ static int load_odbc_config(void)
 break;
 }
 } else if (!strcasecmp(v->name, "idlecheck")) {
- sscanf(v->value, "%d", &idlecheck);
+ sscanf(v->value, "%30u", &idlecheck);
 } else if (!strcasecmp(v->name, "enabled")) {
 enabled = ast_true(v->value);
 } else if (!strcasecmp(v->name, "pre-connect")) {
diff --git a/res/res_smdi.c b/res/res_smdi.c
index 0232df12e..3cb7fa32a 100644
--- a/res/res_smdi.c
+++ b/res/res_smdi.c
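Review bot: In handle_cli_ulimit in res/res_limit.c, the result of `sscanf(a->argv[2], "%30d", &x)` is not checked, so a non-numeric argument leaves `x` at its previous value (its initialisation is outside the hunk), and a negative number becomes a very large limit when assigned to `rlim_max` and `rlim_cur` if `rlim_t` is unsigned, as it commonly is. `setrlimit()` is unchecked too, so the command returns CLI_SUCCESS even when the limit was not applied. Suggested: `if (sscanf(a->argv[2], "%30d", &x) != 1 || x < 0) return CLI_FAILURE;` and `if (setrlimit(resource, &rlimit)) return CLI_FAILURE;`.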
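Review bot: In play_moh_exec in res/res_musiconhold.c, `timeout *= 1000` can overflow a signed int (assuming `timeout` is an int, as `%30d` implies) for any duration above INT_MAX / 1000 seconds, which is undefined behaviour on a value taken from the dialplan argument. Bounding it before the multiplication, `if (sscanf(args.duration, "%30d", &timeout) == 1 && timeout <= INT_MAX / 1000) {`, sends out-of-range values to the existing warning branch. How a negative duration is handled later is outside the hunk and worth confirming.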
@@ -1001,7 +1001,7 @@ static int smdi_load(int reload)
 baud_rate = B9600;
 }
 } else if (!strcasecmp(v->name, "msdstrip")) {
- if (!sscanf(v->value, "%d", &msdstrip)) {
+ if (!sscanf(v->value, "%30d", &msdstrip)) {
 ast_log(LOG_NOTICE, "Invalid msdstrip value in %s (line %d), using default\n", config_file, v->lineno);
 msdstrip = 0;
 } else if (0 > msdstrip || msdstrip > 9) {
@@ -1009,7 +1009,7 @@ static int smdi_load(int reload)
 msdstrip = 0;
 }
 } else if (!strcasecmp(v->name, "msgexpirytime")) {
- if (!sscanf(v->value, "%ld", &msg_expiry)) {
+ if (!sscanf(v->value, "%30ld", &msg_expiry)) {
 ast_log(LOG_NOTICE, "Invalid msgexpirytime value in %s (line %d), using default\n", config_file, v->lineno);
 msg_expiry = SMDI_MSG_EXPIRY_TIME;
 }
@@ -1142,7 +1142,7 @@ static int smdi_load(int reload)
 continue;
 }
 } else if (!strcasecmp(v->name, "pollinginterval")) {
- if (sscanf(v->value, "%u", &mwi_monitor.polling_interval) != 1) {
+ if (sscanf(v->value, "%30u", &mwi_monitor.polling_interval) != 1) {
 ast_log(LOG_ERROR, "Invalid value for pollinginterval: %s\n", v->value);
 mwi_monitor.polling_interval = DEFAULT_POLLING_INTERVAL;
 }
@@ -1263,7 +1263,7 @@ static int smdi_msg_retrieve_read(struct ast_channel *chan, const char *cmd, cha
 }
 if (!ast_strlen_zero(args.timeout)) {
- if (sscanf(args.timeout, "%u", &timeout) != 1) {
+ if (sscanf(args.timeout, "%30u", &timeout) != 1) {
 ast_log(LOG_ERROR, "'%s' is not a valid timeout\n", args.timeout);
 timeout = SMDI_RETRIEVE_TIMEOUT_DEFAULT;
 }
diff --git a/res/snmp/agent.c b/res/snmp/agent.c
index 5a13142d2..f4d4fc6fd 100644
--- a/res/snmp/agent.c
+++ b/res/snmp/agent.c
@@ -808,7 +808,7 @@ static u_char *ast_var_Version(struct variable *vp, oid *name, size_t *length,
 return (u_char *)version;
 }
 case ASTVERTAG:
- sscanf(ast_get_version_num(), "%lu", &long_ret);
+ sscanf(ast_get_version_num(), "%30lu", &long_ret);
 return (u_char *)&long_ret;
 default:
 break;
--
cgit v1.2.3
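Review bot: In smdi_load in res/res_smdi.c, `if (!sscanf(v->value, "%30d", &msdstrip))` treats only a return of 0 as failure; for an empty value `sscanf` returns EOF, which is non-zero, so the error branch is skipped and `msdstrip` keeps its prior contents going into the range test. The msgexpirytime parse in the next hunk uses the same test. Comparing against the expected count, `if (sscanf(v->value, "%30d", &msdstrip) != 1) {` and `if (sscanf(v->value, "%30ld", &msg_expiry) != 1) {`, matches the pollinginterval and timeout parses further down in this file.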