res_pjsip_registrar.c: Prevent possible buffer overflow with domain aliases

We're appropriately sizing the id_domain_alias buffer, but then copying the data into the id_domain one. We were then using the uninitialized id_domain_alias buffer we just allocated. This is ASTERISK~28641 adjacent, but significant enough to warrant its own patch. Change-Id: I81c38724d18deab8c6573153e2b99dbb6e2f33d9
6 years ago · 5c20cc4c3a
parent dd07ac6a3a
commit 5c20cc4c3a
1 changed files with 1 additions and 1 deletions
--- a/res/res_pjsip_registrar.c
+++ b/res/res_pjsip_registrar.c
@ -975,7 +975,7 @@ static char *find_aor_name(const char *username, const char *domain, const char
 	if (alias) {
 		char *id_domain_alias = ast_alloca(strlen(username) + strlen(alias->domain) + 2);

-		sprintf(id_domain, "%s@%s", username, alias->domain);
+		sprintf(id_domain_alias, "%s@%s", username, alias->domain);
 		ao2_cleanup(alias);

 		configured_aors = strcpy(aors_buf, aors);/* Safe */