CDR: Protect from data overflow in ast_cdr_setuserfield.
ast_cdr_setuserfield wrote to a fixed length field using strcpy. This could result in a buffer overrun when called from chan_sip or func_cdr. This patch adds a maximum bytes written to the field by using ast_copy_string instead. ASTERISK-26897 #close patches: 0001-CDR-Protect-from-data-overflow-in-ast_cdr_setuserfie.patch submitted by Corey Farrell (license #5909) Change-Id: Ib23ca77e9b9e2803a450e1206af45df2d2fdf65c
This commit is contained in:
parent
a889621b14
commit
380973cc47
|
@ -3278,7 +3278,7 @@ void ast_cdr_setuserfield(const char *channel_name, const char *userfield)
|
|||
if (it_cdr->fn_table == &finalized_state_fn_table && it_cdr->next != NULL) {
|
||||
continue;
|
||||
}
|
||||
strcpy(it_cdr->party_a.userfield, userfield);
|
||||
ast_copy_string(it_cdr->party_a.userfield, userfield, AST_MAX_USER_FIELD);
|
||||
}
|
||||
ao2_unlock(cdr);
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue