From 5e980e51786c939bf9208049a0e706ff6d5e67c3 Mon Sep 17 00:00:00 2001
From: Liong Sauw Ming
Date: Wed, 30 Dec 2015 23:52:54 +0000
Subject: Re #1882 (misc): Add checking before calling pj_strncpy(), to make it more robust and consistent with the other two checks below. Note that without the check, it should be safe, but the buffer could point to one byte after the buffer, even though the string length is zero. Thanks to Dusan Klinec for the proposed patch.
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@5224 74dad513-b988-da41-8d7b-12977e46ad98
---
 pjsip/src/pjsua-lib/pjsua_pres.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/pjsip/src/pjsua-lib/pjsua_pres.c b/pjsip/src/pjsua-lib/pjsua_pres.c
index f9e0b635..6b35070f 100644
--- a/pjsip/src/pjsua-lib/pjsua_pres.c
+++ b/pjsip/src/pjsua-lib/pjsua_pres.c
@@ -249,9 +249,13 @@ PJ_DEF(pj_status_t) pjsua_buddy_get_info( pjsua_buddy_id buddy_id,
 total += info->uri.slen;
 /* contact */
- info->contact.ptr = info->buf_ + total;
- pj_strncpy(&info->contact, &buddy->contact, sizeof(info->buf_)-total);
- total += info->contact.slen;
+ if (total < sizeof(info->buf_)) {
+ info->contact.ptr = info->buf_ + total;
+ pj_strncpy(&info->contact, &buddy->contact, sizeof(info->buf_) - total);
+ total += info->contact.slen;
+ } else {
+ info->contact = pj_str("");
+ }
 /* Presence status */
 pj_memcpy(&info->pres_status, &buddy->status, sizeof(pjsip_pres_status));
-- 
cgit v1.2.3
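Review bot: The guarded branch still truncates silently: `pj_strncpy()` is bounded by `sizeof(info->buf_) - total`, so a long `buddy->contact` lands in `info->contact` as a shortened URI, and the `else` branch returns an empty contact, with nothing telling the caller in either case. If anything downstream treats the contact as more than display text, a check after the copy would make this visible, e.g. `if (info->contact.slen < buddy->contact.slen) { /* truncated: log or flag */ }`. At minimum the `else` deserves a comment such as `/* buf_ exhausted: report empty contact rather than a pointer one past buf_ */`. As far as the hunk shows, the copy does not NUL-terminate inside `buf_`, so `info->contact.ptr` should only be read through `slen`. The body of pjsua_buddy_get_info starts and ends outside the hunk, so the declared type of `total` and the guards on the later copies cannot be confirmed from here.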