diff options
| author | tilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-08-15 15:03:32 +0000 |
|---|---|---|
| committer | tilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-08-15 15:03:32 +0000 |
| commit | 9a40998bb3b298dd13dfdc714cace41605811c92 (patch) | |
| tree | 0a705201071f1b641e8091ad4ce8aae057f315c1 /funcs/func_strings.c | |
| parent | 7d9fa10c338356c0531855a816ff6a014578f358 (diff) | |
Merged revisions 138023 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.4
........
r138023 | tilghman | 2008-08-15 09:51:12 -0500 (Fri, 15 Aug 2008) | 8 lines
Additional check for more string specifiers than arguments.
(closes issue #13299)
Reported by: adomjan
Patches:
20080813__bug13299.diff.txt uploaded by Corydon76 (license 14)
func_strings.c-sprintf.patch uploaded by adomjan (license 487)
Tested by: adomjan
........
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@138024 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'funcs/func_strings.c')
| -rw-r--r-- | funcs/func_strings.c | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/funcs/func_strings.c b/funcs/func_strings.c index ffe7e4e02..b8aac1351 100644 --- a/funcs/func_strings.c +++ b/funcs/func_strings.c @@ -496,8 +496,13 @@ static int acf_sprintf(struct ast_channel *chan, const char *cmd, char *data, ch formatbuf[&arg.format[i] - formatstart + 1] = '\0'; /* Convert the argument into the required type */ - if (sscanf(arg.var[argcount++], "%d", &tmpi) != 1) { - ast_log(LOG_ERROR, "Argument '%s' is not an integer number for format '%s'\n", arg.var[argcount - 1], formatbuf); + if (arg.var[argcount]) { + if (sscanf(arg.var[argcount++], "%d", &tmpi) != 1) { + ast_log(LOG_ERROR, "Argument '%s' is not an integer number for format '%s'\n", arg.var[argcount - 1], formatbuf); + goto sprintf_fail; + } + } else { + ast_log(LOG_ERROR, "SPRINTF() has more format specifiers than arguments!\n"); goto sprintf_fail; } @@ -514,8 +519,13 @@ static int acf_sprintf(struct ast_channel *chan, const char *cmd, char *data, ch formatbuf[&arg.format[i] - formatstart + 1] = '\0'; /* Convert the argument into the required type */ - if (sscanf(arg.var[argcount++], "%lf", &tmpd) != 1) { - ast_log(LOG_ERROR, "Argument '%s' is not a floating point number for format '%s'\n", arg.var[argcount - 1], formatbuf); + if (arg.var[argcount]) { + if (sscanf(arg.var[argcount++], "%lf", &tmpd) != 1) { + ast_log(LOG_ERROR, "Argument '%s' is not a floating point number for format '%s'\n", arg.var[argcount - 1], formatbuf); + goto sprintf_fail; + } + } else { + ast_log(LOG_ERROR, "SPRINTF() has more format specifiers than arguments!\n"); goto sprintf_fail; } @@ -562,6 +572,7 @@ static int acf_sprintf(struct ast_channel *chan, const char *cmd, char *data, ch } } } + *bufptr = '\0'; return 0; sprintf_fail: return -1; |