Asterisk
/
asterisk
mirror of https://github.com/asterisk/asterisk
1
0
Fork 0
Code Issues Releases Wiki Activity

Bounds checking for input string

Browse Source 
(closes issue #16407)
 Reported by: qwell
 Patches: 
       20100104__issue16407.diff.txt uploaded by tilghman (license 14)


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@237573 65c4cc65-6c06-0410-ace0-fbb531ad65f3
1.4
Tilghman Lesher 16 years ago
parent 5971279916
commit 6dd970ce9b
1 changed files with 25 additions and 25 deletions
Show Stats Download Patch File Download Diff File

50
main/say.c
Unescape View File

@ -3253,9 +3253,9 @@ int ast_say_date_with_format_en(struct ast_channel *chan, time_t time, const cha
/* NOTE: if you add more options here, please try to be consistent with strftime(3) */
case '\'':
/* Literal name of a sound file */
sndoffset=0;
for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++)
for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) {
sndfile[sndoffset] = format[offset];
}
sndfile[sndoffset] = '\0';
res = wait_file(chan,ints,sndfile,lang);
break;
@ -3501,9 +3501,9 @@ int ast_say_date_with_format_da(struct ast_channel *chan, time_t time, const cha
/* NOTE: if you add more options here, please try to be consistent with strftime(3) */
case '\'':
/* Literal name of a sound file */
sndoffset=0;
for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++)
for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) {
sndfile[sndoffset] = format[offset];
}
sndfile[sndoffset] = '\0';
res = wait_file(chan,ints,sndfile,lang);
break;
@ -3706,9 +3706,9 @@ int ast_say_date_with_format_de(struct ast_channel *chan, time_t time, const cha
/* NOTE: if you add more options here, please try to be consistent with strftime(3) */
case '\'':
/* Literal name of a sound file */
sndoffset=0;
for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++)
for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) {
sndfile[sndoffset] = format[offset];
}
sndfile[sndoffset] = '\0';
res = wait_file(chan,ints,sndfile,lang);
break;
@ -3938,9 +3938,9 @@ int ast_say_date_with_format_he(struct ast_channel *chan, time_t time, const cha
/* NOTE: if you add more options here, please try to be consistent with strftime(3) */
case '\'':
/* Literal name of a sound file */
sndoffset=0;
for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++)
for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) {
sndfile[sndoffset] = format[offset];
}
sndfile[sndoffset] = '\0';
res = wait_file(chan,ints,sndfile,lang);
break;
@ -4093,9 +4093,9 @@ int ast_say_date_with_format_es(struct ast_channel *chan, time_t time, const cha
/* NOTE: if you add more options here, please try to be consistent with strftime(3) */
case '\'':
/* Literal name of a sound file */
sndoffset=0;
for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++)
for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) {
sndfile[sndoffset] = format[offset];
}
sndfile[sndoffset] = '\0';
snprintf(nextmsg,sizeof(nextmsg), "%s", sndfile);
res = wait_file(chan,ints,nextmsg,lang);
@ -4285,9 +4285,9 @@ int ast_say_date_with_format_fr(struct ast_channel *chan, time_t time, const cha
/* NOTE: if you add more options here, please try to be consistent with strftime(3) */
case '\'':
/* Literal name of a sound file */
sndoffset=0;
for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++)
for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) {
sndfile[sndoffset] = format[offset];
}
sndfile[sndoffset] = '\0';
res = wait_file(chan,ints,sndfile,lang);
break;
@ -4483,9 +4483,9 @@ int ast_say_date_with_format_it(struct ast_channel *chan, time_t time, const cha
/* NOTE: if you add more options here, please try to be consistent with strftime(3) */
case '\'':
/* Literal name of a sound file */
sndoffset=0;
for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++)
sndfile[sndoffset] = format[offset];
for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) {
sndfile[sndoffset] = format[offset];
}
sndfile[sndoffset] = '\0';
res = wait_file(chan,ints,sndfile,lang);
break;
@ -4716,9 +4716,9 @@ int ast_say_date_with_format_nl(struct ast_channel *chan, time_t time, const cha
/* NOTE: if you add more options here, please try to be consistent with strftime(3) */
case '\'':
/* Literal name of a sound file */
sndoffset=0;
for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++)
for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) {
sndfile[sndoffset] = format[offset];
}
sndfile[sndoffset] = '\0';
res = wait_file(chan,ints,sndfile,lang);
break;
@ -4922,9 +4922,9 @@ int ast_say_date_with_format_pl(struct ast_channel *chan, time_t thetime, const
/* NOTE: if you add more options here, please try to be consistent with strftime(3) */
case '\'':
/* Literal name of a sound file */
sndoffset = 0;
for (sndoffset = 0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++)
for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) {
sndfile[sndoffset] = format[offset];
}
sndfile[sndoffset] = '\0';
res = wait_file(chan, ints, sndfile, lang);
break;
@ -5140,9 +5140,9 @@ int ast_say_date_with_format_pt(struct ast_channel *chan, time_t time, const cha
/* NOTE: if you add more options here, please try to be consistent with strftime(3) */
case '\'':
/* Literal name of a sound file */
sndoffset=0;
for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++)
for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) {
sndfile[sndoffset] = format[offset];
}
sndfile[sndoffset] = '\0';
snprintf(nextmsg,sizeof(nextmsg), "%s", sndfile);
res = wait_file(chan,ints,nextmsg,lang);
@ -5430,9 +5430,9 @@ int ast_say_date_with_format_zh(struct ast_channel *chan, time_t time, const cha
/* NOTE: if you add more options here, please try to be consistent with strftime(3) */
case '\'':
/* Literal name of a sound file */
sndoffset=0;
for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++)
for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) {
sndfile[sndoffset] = format[offset];
}
sndfile[sndoffset] = '\0';
res = wait_file(chan,ints,sndfile,lang);
break;
@ -6807,9 +6807,9 @@ static int ast_say_date_with_format_gr(struct ast_channel *chan, time_t time, co
/* NOTE: if you add more options here, please try to be consistent with strftime(3) */
case '\'':
/* Literal name of a sound file */
sndoffset=0;
for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++)
for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) {
sndfile[sndoffset] = format[offset];
}
sndfile[sndoffset] = '\0';
res = wait_file(chan,ints,sndfile,lang);
break;

Write Preview
Loading…
Cancel
Save