From 5c20cc4c3aa0684ff2a81513c85165718ca09d87 Mon Sep 17 00:00:00 2001
From: Sean Bright
Date: Wed, 4 Dec 2019 16:12:39 -0500
Subject: [PATCH] res_pjsip_registrar.c: Prevent possible buffer overflow with domain aliases

We're appropriately sizing the id_domain_alias buffer, but then copying the data into the id_domain one. We were then using the uninitialized id_domain_alias buffer we just allocated. This is ASTERISK~28641 adjacent, but significant enough to warrant its own patch.
Change-Id: I81c38724d18deab8c6573153e2b99dbb6e2f33d9
---
 res/res_pjsip_registrar.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/res/res_pjsip_registrar.c b/res/res_pjsip_registrar.c
index 62b738a845..953be2070e 100644
--- a/res/res_pjsip_registrar.c
+++ b/res/res_pjsip_registrar.c
@@ -975,7 +975,7 @@ static char *find_aor_name(const char *username, const char *domain, const char
 if (alias) {
 char *id_domain_alias = ast_alloca(strlen(username) + strlen(alias->domain) + 2);
- sprintf(id_domain, "%s@%s", username, alias->domain);
+ sprintf(id_domain_alias, "%s@%s", username, alias->domain);
 ao2_cleanup(alias);
 configured_aors = strcpy(aors_buf, aors);/* Safe */
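Review bot: The corrected `sprintf` into `id_domain_alias` is still an unbounded write, so its safety depends on the `+ 2` arithmetic in the `ast_alloca` line above staying in step with the `"%s@%s"` format. Holding the size in a local and passing it to the write would make the bound explicit and let a later edit to either line fail safe: `size_t len = strlen(username) + strlen(alias->domain) + 2;`, `char *id_domain_alias = ast_alloca(len);`, `snprintf(id_domain_alias, len, "%s@%s", username, alias->domain);`. The stack allocation is also sized by `strlen(username)`, which presumably comes from the incoming request, so it is worth confirming that callers cap that length before it reaches `find_aor_name`. The diffstat shows no test change; a regression test using a domain alias longer than the request domain would pin the fix. The body of `find_aor_name` starts and ends outside this hunk, so the sizing of `id_domain` and `aors_buf` cannot be checked from here.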