From 22a91bf69839f5a5191342c1e508cb8fd7d86d50 Mon Sep 17 00:00:00 2001 From: Scott Griepentrog Date: Tue, 9 Dec 2014 20:46:17 +0000 Subject: [PATCH] core: avoid possible asterisk -r crash from long id When connecting to the remote console, an id string is first provided that consts of the hostname, pid, and version. This is parsed by the remote instance using a buffer that may be too short, and can allow a buffer overrun because it is not terminated. This patch adds termination and a larger buffer. Review: https://reviewboard.asterisk.org/r/4182/ git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/13@429223 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- main/asterisk.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/main/asterisk.c b/main/asterisk.c index 1c6994280d..0a5ab13352 100644 --- a/main/asterisk.c +++ b/main/asterisk.c @@ -3200,7 +3200,7 @@ static int ast_el_read_history(char *filename) static void ast_remotecontrol(char *data) { - char buf[80]; + char buf[256] = ""; int res; char filename[80] = ""; char *hostname; @@ -3217,7 +3217,7 @@ static void ast_remotecontrol(char *data) signal(SIGTERM, __remote_quit_handler); signal(SIGHUP, __remote_quit_handler); - if (read(ast_consock, buf, sizeof(buf)) < 0) { + if (read(ast_consock, buf, sizeof(buf) - 1) < 0) { ast_log(LOG_ERROR, "read() failed: %s\n", strerror(errno)); return; }