don't allow AUEP responses to overflow the stack during a string copy (reported by Mu Security)

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.2@40057 65c4cc65-6c06-0410-ace0-fbb531ad65f3
1.2
Kevin P. Fleming 19 years ago
parent 465207a28d
commit c3a46b712e

@ -2478,12 +2478,14 @@ static void handle_response(struct mgcp_endpoint *p, struct mgcp_subchannel *sub
if (strncasecmp(v, p->sub->cxident, len) &&
strncasecmp(v, p->sub->next->cxident, len)) {
/* connection id not found. delete it */
char cxident[80];
memcpy(cxident, v, len);
cxident[len] = '\0';
char cxident[80] = "";
if (len > (sizeof(cxident) - 1))
len = sizeof(cxident) - 1;
ast_copy_string(cxident, v, len);
if (option_verbose > 2) {
ast_verbose(VERBOSE_PREFIX_3 "Non existing connection id %s on %s@%s \n",
cxident, p->name, gw->name);
cxident, p->name, gw->name);
}
transmit_connection_del_w_params(p, NULL, cxident);
}

Loading…
Cancel
Save