retronetworking
/
chan-capi
mirror of https://github.com/MelwareDE/chan-capi.git
13
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fix possible buffer overflow on deflect command.

This commit is contained in:
MelwareDE 2009-07-30 18:13:10 +00:00
parent d315cb6105
commit 24d3a90c5a
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
chan_capi.c
View File

@ -4877,10 +4877,11 @@ static struct capi_pvt* get_active_plci (struct ast_channel *c) {
*/
static int pbx_capi_call_deflect(struct ast_channel *c, char *param)
{
#define DEFLECT_NUMBER_MAX_LEN 35
struct capi_pvt *i = CC_CHANNEL_PVT(c);
char *number;
int numberlen;
char facnumber[32];
char facnumber[DEFLECT_NUMBER_MAX_LEN + 4];
if (!param) {
cc_log(LOG_WARNING, CC_MESSAGE_NAME
@ -4895,9 +4896,10 @@ static int pbx_capi_call_deflect(struct ast_channel *c, char *param)
" deflection requires an argument (destination phone number)\n");
return -1;
}
if (numberlen > 35) {
if (numberlen > DEFLECT_NUMBER_MAX_LEN) {
cc_log(LOG_WARNING, CC_MESSAGE_NAME
" deflection does only support phone number up to 35 digits\n");
" deflection does only support phone number up to %d digits\n",
DEFLECT_NUMBER_MAX_LEN);
return -1;
}
if (!(capi_controllers[i->controller]->CD)) {