don't allow AUEP responses to overflow the stack during a string copy (reported by Mu Security)

git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.2@40057 f38db490-d61c-443f-a65b-d21fe96a405b
author: kpfleming <kpfleming@f38db490-d61c-443f-a65b-d21fe96a405b> 2006-08-16 18:57:44 +0000
committer: kpfleming <kpfleming@f38db490-d61c-443f-a65b-d21fe96a405b> 2006-08-16 18:57:44 +0000
commit: 3d2c202d6356b29e2bf4fa43afb4a9aad6f64b27 (patch)
tree: 951c9e1227a8337c9e4f0ae5432aa0683293e376 /channels
parent: 50d1f3b97243af5ae0d32564ca04ff6827103b7f (diff)
1 files changed, 6 insertions, 4 deletions
diff --git a/channels/chan_mgcp.c b/channels/chan_mgcp.c
index 8190d9e3a..cb3c3d7ce 100644
--- a/channels/chan_mgcp.c
+++ b/channels/chan_mgcp.c
@@ -2478,12 +2478,14 @@ static void handle_response(struct mgcp_endpoint *p, struct mgcp_subchannel *sub
 						if (strncasecmp(v, p->sub->cxident, len) &&
 						    strncasecmp(v, p->sub->next->cxident, len)) {
 							/* connection id not found. delete it */
-							char cxident[80];
-							memcpy(cxident, v, len);
-							cxident[len] = '\0';
+							char cxident[80] = "";
+
+							if (len > (sizeof(cxident) - 1))
+								len = sizeof(cxident) - 1;
+							ast_copy_string(cxident, v, len);
 							if (option_verbose > 2) {
 								ast_verbose(VERBOSE_PREFIX_3 "Non existing connection id %s on %s@%s \n", 
-									cxident, p->name, gw->name);
+									    cxident, p->name, gw->name);
 							}
 							transmit_connection_del_w_params(p, NULL, cxident);
 						}
author	kpfleming <kpfleming@f38db490-d61c-443f-a65b-d21fe96a405b>	2006-08-16 18:57:44 +0000
committer	kpfleming <kpfleming@f38db490-d61c-443f-a65b-d21fe96a405b>	2006-08-16 18:57:44 +0000
commit	3d2c202d6356b29e2bf4fa43afb4a9aad6f64b27 (patch)
tree	951c9e1227a8337c9e4f0ae5432aa0683293e376 /channels
parent	50d1f3b97243af5ae0d32564ca04ff6827103b7f (diff)