diff options
| author | tilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b> | 2006-09-07 23:15:43 +0000 |
|---|---|---|
| committer | tilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b> | 2006-09-07 23:15:43 +0000 |
| commit | 17b99c8c7c05646c9eff400674a405a9f71a3ae1 (patch) | |
| tree | 812e78fb90642a2f7ab834c74f50945168ceb1b8 /apps | |
| parent | 16dbc5a69a8f0698c80fd4dc8a9c5ac725b1173d (diff) | |
Merged revisions 42355 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.2
........
r42355 | tilghman | 2006-09-07 18:12:29 -0500 (Thu, 07 Sep 2006) | 2 lines
Format vulnerability fix - allowing the user to specify a format is not a good idea (Bug 7811)
........
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@42356 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/app_record.c | 29 |
1 files changed, 28 insertions, 1 deletions
diff --git a/apps/app_record.c b/apps/app_record.c index 231e2bb1e..810806e48 100644 --- a/apps/app_record.c +++ b/apps/app_record.c @@ -43,6 +43,7 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$") #include "asterisk/dsp.h" #include "asterisk/utils.h" #include "asterisk/options.h" +#include "asterisk/app.h" static char *app = "Record"; @@ -179,8 +180,34 @@ static int record_exec(struct ast_channel *chan, void *data) /* these are to allow the use of the %d in the config file for a wild card of sort to create a new file with the inputed name scheme */ if (percentflag) { + AST_DECLARE_APP_ARGS(fname, + AST_APP_ARG(piece)[100]; + ); + char *tmp2 = ast_strdupa(filename); + char countstring[15]; + int i; + + /* Separate each piece out by the format specifier */ + AST_NONSTANDARD_APP_ARGS(fname, tmp2, '%'); do { - snprintf(tmp, sizeof(tmp), filename, count); + int tmplen; + /* First piece has no leading percent, so it's copied verbatim */ + ast_copy_string(tmp, fname.piece[0], sizeof(tmp)); + tmplen = strlen(tmp); + for (i = 1; i < fname.argc; i++) { + if (fname.piece[i][0] == 'd') { + /* Substitute the count */ + snprintf(countstring, sizeof(countstring), "%d", count); + ast_copy_string(tmp + tmplen, countstring, sizeof(tmp) - tmplen); + tmplen += strlen(countstring); + } else if (tmplen + 2 < sizeof(tmp)) { + /* Unknown format specifier - just copy it verbatim */ + tmp[tmplen++] = '%'; + tmp[tmplen++] = fname.piece[i][0]; + } + /* Copy the remaining portion of the piece */ + ast_copy_string(tmp + tmplen, &(fname.piece[i][1]), sizeof(tmp) - tmplen); + } count++; } while ( ast_fileexists(tmp, ext, chan->language) != -1 ); pbx_builtin_setvar_helper(chan, "RECORDED_FILE", tmp); |