authortilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b>2009-01-19 19:49:25 +0000
committertilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b>2009-01-19 19:49:25 +0000
commitcdb156f197e4485e440828147ca18bb30588e170 (patch)
treeb9bab2a9153e532199b61b4ba90d66d93c457a98
parentdb4dcb58ab0dc1eb89582bf55a67a2d35ccf9267 (diff)
Truncate userevents at the end of a line, when the command exceeds the buffer.
(closes issue #14278) Reported by: fnordian git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.4@169364 f38db490-d61c-443f-a65b-d21fe96a405b
-rw-r--r--apps/app_userevent.c11
-rw-r--r--main/manager.c8
2 files changed, 14 insertions, 5 deletions
diff --git a/apps/app_userevent.c b/apps/app_userevent.c
index df7bc58a7..dd8000376 100644
--- a/apps/app_userevent.c
+++ b/apps/app_userevent.c
@@ -59,7 +59,7 @@ static int userevent_exec(struct ast_channel *chan, void *data)
{
struct ast_module_user *u;
char *parse, buf[2048] = "";
- int x, buflen = 0;
+ int x, buflen = 0, xlen;
AST_DECLARE_APP_ARGS(args,
AST_APP_ARG(eventname);
AST_APP_ARG(extra)[100];
@@ -77,8 +77,13 @@ static int userevent_exec(struct ast_channel *chan, void *data)
AST_STANDARD_APP_ARGS(args, parse);
for (x = 0; x < args.argc - 1; x++) {
- ast_copy_string(buf + buflen, args.extra[x], sizeof(buf) - buflen - 2);
- buflen += strlen(args.extra[x]);
+ /* Stop once a header comes up that exceeds our buffer. */
+ if (sizeof(buf) <= buflen + (xlen = strlen(args.extra[x])) + 3) {
+ ast_log(LOG_WARNING, "UserEvent exceeds our buffer length! Truncating.\n");
+ break;
+ }
+ ast_copy_string(buf + buflen, args.extra[x], sizeof(buf) - buflen - 3);
+ buflen += xlen;
ast_copy_string(buf + buflen, "\r\n", 3);
buflen += 2;
}
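Review bot: The length is assigned inside the comparison in `if (sizeof(buf) <= buflen + (xlen = strlen(args.extra[x])) + 3)`, which stores a `size_t` result into the `int xlen` and then compares a signed sum against `sizeof(buf)`, so the bounds check depends on implicit conversions that are easy to misread. Taking the length on its own line, `xlen = strlen(args.extra[x]);` followed by `if (sizeof(buf) <= buflen + xlen + 3) {`, keeps the same test and makes the arithmetic visible. The warning would also be easier to act on if it named the event, for example `ast_log(LOG_WARNING, "UserEvent '%s' exceeds our buffer length! Truncating.\n", args.eventname);`. `userevent_exec` starts and ends outside this hunk.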
diff --git a/main/manager.c b/main/manager.c
index c0245ad2a..7f436ad94 100644
--- a/main/manager.c
+++ b/main/manager.c
@@ -2142,11 +2142,15 @@ static int action_userevent(struct mansession *s, const struct message *m)
{
const char *event = astman_get_header(m, "UserEvent");
char body[2048] = "";
- int x, bodylen = 0;
+ int x, bodylen = 0, xlen;
for (x = 0; x < m->hdrcount; x++) {
if (strncasecmp("UserEvent:", m->headers[x], strlen("UserEvent:"))) {
+ if (sizeof(body) < bodylen + (xlen = strlen(m->headers[x])) + 3) {
+ ast_log(LOG_WARNING, "UserEvent exceeds our buffer length. Truncating.\n");
+ break;
+ }
ast_copy_string(body + bodylen, m->headers[x], sizeof(body) - bodylen - 3);
- bodylen += strlen(m->headers[x]);
+ bodylen += xlen;
ast_copy_string(body + bodylen, "\r\n", 3);
bodylen += 2;
}