diff options
author | kpfleming <kpfleming@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-10-08 22:22:09 +0000 |
---|---|---|
committer | kpfleming <kpfleming@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-10-08 22:22:09 +0000 |
commit | 971d97c81ce36019c2c400a83b3ecfea6c5afea2 (patch) | |
tree | 8d4ee073c923a4552017e4a73fc894876e00cf7a /channels | |
parent | f7e0834153a6274d69dec1ed739a79c8e1bb0c8f (diff) |
when parsing a text configuration option, ensure that the buffer on the stack is actually large enough to hold the legal values of that option, and also ensure that sscanf() knows to stop parsing if it would overrun the buffer (without these changes, specifying "buffers=...,immediate" would overflow the buffer on the stack, and could not have worked as expected)
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.4@147681 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'channels')
-rw-r--r-- | channels/chan_dahdi.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/channels/chan_dahdi.c b/channels/chan_dahdi.c index 476a24c62..60b6d2d9f 100644 --- a/channels/chan_dahdi.c +++ b/channels/chan_dahdi.c @@ -10990,8 +10990,9 @@ static int process_dahdi(struct dahdi_chan_conf *confp, const char *cat, struct return -1; } else if (!strcasecmp(v->name, "buffers")) { int res; - char policy[8] = ""; - res = sscanf(v->value, "%d,%s", &confp->chan.buf_no, policy); + char policy[21] = ""; + + res = sscanf(v->value, "%d,%20s", &confp->chan.buf_no, policy); if (res != 2) { ast_log(LOG_WARNING, "Parsing buffers option data failed, using defaults.\n"); confp->chan.buf_no = numbufs; |