Diffstat (limited to 'apps/app_rpt.c')
-rw-r--r-- | apps/app_rpt.c | 37 |
1 files changed, 22 insertions, 15 deletions
diff --git a/apps/app_rpt.c b/apps/app_rpt.c index 78d0d9cba..d804fef02 100644 --- a/apps/app_rpt.c +++ b/apps/app_rpt.c @@ -2101,7 +2101,8 @@ int ret; if (str == NULL) return -1; /* leave this %i alone, non-base-10 input is useful here */ - if (sscanf(str,"%i",&ret) != 1) return -1; + if (sscanf(str, "%30i", &ret) != 1) + return -1; return ret; } @@ -2325,7 +2326,7 @@ static char *cs_keywords[] = {"rptena","rptdis","apena","apdis","lnkena","lnkdis /* do not use atoi() here, we need to be able to have the input specified in hex or decimal so we use sscanf with a %i */ - if ((!val) || (sscanf(val,"%i",&rpt_vars[n].p.iobase) != 1)) + if ((!val) || (sscanf(val, "%30i", &rpt_vars[n].p.iobase) != 1)) rpt_vars[n].p.iobase = DEFAULT_IOBASE; val = (char *) ast_variable_retrieve(cfg,this,"ioport"); rpt_vars[n].p.ioport = val; @@ -3640,7 +3641,7 @@ static int send_tone_telemetry(struct ast_channel *chan, char *tonestring) tonesubset = strsep(&stringp,")"); if(!tonesubset) break; - if(sscanf(tonesubset,"(%d,%d,%d,%d", &f1, &f2, &duration, &litude) != 4) + if(sscanf(tonesubset,"(%30d,%30d,%30d,%30d", &f1, &f2, &duration, &litude) != 4) break; res = play_tone_pair(chan, f1, f2, duration, amplitude); if(res) @@ -5074,7 +5075,7 @@ struct dahdi_params par; p = strstr(tdesc, "version"); if(!p) break; - if(sscanf(p, "version %d.%d", &vmajor, &vminor) != 2) + if(sscanf(p, "version %30d.%30d", &vmajor, &vminor) != 2) break; wait_interval(myrpt, DLY_TELEM, mychannel); /* Wait a little bit */ /* Say "version" */ 
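Review bot: The `%30i` width in myatoi caps how many characters are consumed but not the value, so a digit string that does not fit in an int is still converted, with a result the C standard leaves undefined. Using `strtol(str, &end, 0)` with an `errno == ERANGE` and `INT_MIN`/`INT_MAX` check keeps the hex/octal/decimal input the comment asks for and rejects out-of-range values explicitly. The same applies to the `%30i` read into `rpt_vars[n].p.iobase` in the next hunk. myatoi also returns -1 both on failure and for a parsed "-1", which deserves a comment since callers cannot tell the two apart. The function starts outside the hunk.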
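Review bot: In send_tone_telemetry, f1, f2, duration and amplitude go from the sscanf straight into play_tone_pair with no range check visible in this hunk, and `%30d` accepts negative and very large values. Unless play_tone_pair validates its arguments (not visible here), a guard such as `if (f1 < 0 || f2 < 0 || duration <= 0 || amplitude < 0) break;` before the call would keep malformed tone strings away from the generator. The enclosing loop starts and ends outside the hunk.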
@@ -6683,10 +6684,12 @@ static int collect_function_digits(struct rpt *myrpt, char *digits, static void handle_link_data(struct rpt *myrpt, struct rpt_link *mylink, char *str) { -char tmp[512],tmp1[512],cmd[300] = "",dest[300],src[300],c; -int i,seq, res, ts; -struct rpt_link *l; -struct ast_frame wf; + /* XXX ATTENTION: if you change the size of these arrays you MUST + * change the limits in corresponding sscanf() calls below. */ + char tmp[512], tmp1[512], cmd[300] = "", dest[300], src[300], c; + int i,seq, res, ts; + struct rpt_link *l; + struct ast_frame wf; wf.frametype = AST_FRAME_TEXT; wf.subclass = 0; @@ -6721,7 +6724,7 @@ struct ast_frame wf; } if (tmp[0] == 'K') { - if (sscanf(tmp,"%s %s %s %d %d",cmd,dest,src,&seq,&ts) != 5) + if (sscanf(tmp,"%299s %299s %299s %30d %30d",cmd,dest,src,&seq,&ts) != 5) { ast_log(LOG_WARNING, "Unable to parse keying string %s\n",str); return; @@ -6829,7 +6832,7 @@ struct ast_frame wf; } if (tmp[0] == 'I') { - if (sscanf(tmp,"%s %s %x",cmd,src,&seq) != 3) + if (sscanf(tmp, "%299s %299s %30x", cmd, src, &seq) != 3) { ast_log(LOG_WARNING, "Unable to parse ident string %s\n",str); return; @@ -6839,7 +6842,7 @@ struct ast_frame wf; } else { - if (sscanf(tmp,"%s %s %s %d %c",cmd,dest,src,&seq,&c) != 5) + if (sscanf(tmp, "%299s %299s %299s %30d %1c", cmd, dest, src, &seq, &c) != 5) { ast_log(LOG_WARNING, "Unable to parse link string %s\n",str); return; @@ -10234,8 +10237,10 @@ int ret,res = 0,src; static int handle_remote_data(struct rpt *myrpt, char *str) { -char tmp[300],cmd[300],dest[300],src[300],c; -int seq,res; + /* XXX ATTENTION: if you change the size of these arrays you MUST + * change the limits in corresponding sscanf() calls below. */ + char tmp[300], cmd[300], dest[300], src[300], c; + int seq,res; /* put string in our buffer */ strncpy(tmp,str,sizeof(tmp) - 1); 
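Review bot: The 299 widths in the sscanf formats are tied to the `[300]` array sizes only by this new comment in handle_link_data, so a later resize that misses one format string silently brings the overflow back. Deriving both from one constant removes that failure mode, for example (names illustrative) `#define RPT_FIELD_MAX 299`, `char cmd[RPT_FIELD_MAX + 1]` and `"%" RPT_STR(RPT_FIELD_MAX) "s"` with a two-level stringify macro. The same applies to the declarations and the sscanf call in the two handle_remote_data hunks. handle_link_data continues outside this hunk.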
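Review bot: In the ident branch, `%30x` stores through an `unsigned int *`, but `seq` is declared `int` at the top of handle_link_data, so the call has a format/argument type mismatch that -Wformat reports. Parsing into a local `unsigned int` and assigning it to seq afterwards keeps the hex input and makes the conversion explicit. The `if (tmp[0] == 'I')` block continues outside the hunk.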
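Review bot: In handle_remote_data, `strncpy(tmp,str,sizeof(tmp) - 1)` writes no terminator when str is 299 bytes or longer, and tmp is declared without an initialiser, so the later sscanf could read past the copied data unless `tmp[sizeof(tmp) - 1] = 0;` follows outside this hunk. The new field widths bound the destination buffers but not that source read. If the terminator is not set elsewhere, adding that line right after the copy, or replacing the copy with `snprintf(tmp, sizeof(tmp), "%s", str);`, closes the gap. The function body continues outside the hunk.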
@@ -10258,7 +10263,9 @@ int seq,res; return 0; } #endif - if (sscanf(tmp,"%s %s %s %d %c",cmd,dest,src,&seq,&c) != 5) + /* XXX WARNING: be very careful with the limits on the folowing + * sscanf() call, make sure they match the values defined above */ + if (sscanf(tmp, "%299s %299s %299s %30d %1c", cmd, dest, src, &seq, &c) != 5) { ast_log(LOG_WARNING, "Unable to parse link string %s\n",str); return 0; @@ -11889,7 +11896,7 @@ char tmpstr[300],lstr[MAXLINKLIST]; p = strstr(tdesc, "version"); if(p){ int vmajor,vminor; - if(sscanf(p, "version %d.%d", &vmajor, &vminor) == 2) + if(sscanf(p, "version %30d.%30d", &vmajor, &vminor) == 2) sprintf(str + strlen(str),"&apprptvers=%d.%d",vmajor,vminor); } time(&now); |
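Review bot: The added comment above the handle_remote_data sscanf misspells `following` as `folowing`. It would also help the next maintainer if it named the arrays it depends on instead of "the values defined above", e.g. `/* widths must stay one less than sizeof(cmd), sizeof(dest) and sizeof(src) */`. The function starts and ends outside this hunk.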
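Review bot: `sprintf(str + strlen(str),"&apprptvers=%d.%d",vmajor,vminor)` in the last hunk appends without any bound, and the size of str is not visible here. With 32-bit ints the appended text can reach 35 characters, and the `%30d` widths added by this commit do not change that. If str is a fixed-size buffer, an `snprintf` limited to the space remaining after `strlen(str)` would keep the append in bounds regardless of what was written before it. The enclosing function starts outside the hunk.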