diff options
| author | mnick <mnick@f38db490-d61c-443f-a65b-d21fe96a405b> | 2009-09-30 15:37:39 +0000 |
|---|---|---|
| committer | mnick <mnick@f38db490-d61c-443f-a65b-d21fe96a405b> | 2009-09-30 15:37:39 +0000 |
| commit | 4ae29664db37e8fd57e3d0bc2e6e1e916a6925df (patch) | |
| tree | 5e722aaf3b5e49fd1e03be355f3dd8e903d4850e /funcs | |
| parent | 4f67fa12535deb67bc00f833d168270544281077 (diff) | |
check bounds - prevents for buffer overflow
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.4@221153 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'funcs')
| -rw-r--r-- | funcs/func_strings.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/funcs/func_strings.c b/funcs/func_strings.c index 68f806ff1..3dcca56ee 100644 --- a/funcs/func_strings.c +++ b/funcs/func_strings.c @@ -384,6 +384,12 @@ static struct ast_custom_function sprintf_function = { static int quote(struct ast_channel *chan, char *cmd, char *data, char *buf, size_t len) { char *bufptr = buf, *dataptr = data; + + if (len < 3){ /* at least two for quotes and one for binary zero */ + ast_log(LOG_ERROR, "Not enough buffer"); + return -1; + } + if (ast_strlen_zero(data)) { ast_log(LOG_WARNING, "No argument specified!\n"); ast_copy_string(buf, "\"\"", len); @@ -391,7 +397,7 @@ static int quote(struct ast_channel *chan, char *cmd, char *data, char *buf, siz } *bufptr++ = '"'; - for (; bufptr < buf + len - 1; dataptr++) { + for (; bufptr < buf + len - 3; dataptr++) { if (*dataptr == '\\') { *bufptr++ = '\\'; *bufptr++ = '\\'; |