diff options
Diffstat (limited to 'apps/app_rpt.c')
| -rw-r--r-- | apps/app_rpt.c | 35 |
1 files changed, 25 insertions, 10 deletions
diff --git a/apps/app_rpt.c b/apps/app_rpt.c index a5778574b..8d20553de 100644 --- a/apps/app_rpt.c +++ b/apps/app_rpt.c @@ -2101,7 +2101,10 @@ int ret; if (str == NULL) return -1; /* leave this %i alone, non-base-10 input is useful here */ - if (sscanf(str,"%i",&ret) != 1) return -1; + if (sscanf(str, "%30i", &ret) != 1) { + return -1; + } + return ret; } @@ -2325,7 +2328,7 @@ static char *cs_keywords[] = {"rptena","rptdis","apena","apdis","lnkena","lnkdis /* do not use atoi() here, we need to be able to have the input specified in hex or decimal so we use sscanf with a %i */ - if ((!val) || (sscanf(val,"%i",&rpt_vars[n].p.iobase) != 1)) + if ((!val) || (sscanf(val,"%30i",&rpt_vars[n].p.iobase) != 1)) rpt_vars[n].p.iobase = DEFAULT_IOBASE; val = (char *) ast_variable_retrieve(cfg,this,"ioport"); rpt_vars[n].p.ioport = val; @@ -3640,7 +3643,7 @@ static int send_tone_telemetry(struct ast_channel *chan, char *tonestring) tonesubset = strsep(&stringp,")"); if(!tonesubset) break; - if(sscanf(tonesubset,"(%d,%d,%d,%d", &f1, &f2, &duration, &litude) != 4) + if(sscanf(tonesubset,"(%30d,%30d,%30d,%30d", &f1, &f2, &duration, &litude) != 4) break; res = play_tone_pair(chan, f1, f2, duration, amplitude); if(res) @@ -5065,7 +5068,7 @@ struct dahdi_params par; p = strstr(tdesc, "version"); if(!p) break; - if(sscanf(p, "version %d.%d", &vmajor, &vminor) != 2) + if(sscanf(p, "version %30d.%30d", &vmajor, &vminor) != 2) break; wait_interval(myrpt, DLY_TELEM, mychannel); /* Wait a little bit */ /* Say "version" */ @@ -6673,6 +6676,8 @@ static int collect_function_digits(struct rpt *myrpt, char *digits, static void handle_link_data(struct rpt *myrpt, struct rpt_link *mylink, char *str) { +/* XXX ATTENTION: if you change the size of these arrays you MUST + * change the limits in corresponding sscanf() calls below. */ char tmp[512],tmp1[512],cmd[300] = "",dest[300],src[300],c; int i,seq, res, ts; struct rpt_link *l; @@ -6711,7 +6716,7 @@ struct ast_frame wf; } if (tmp[0] == 'K') { - if (sscanf(tmp,"%s %s %s %d %d",cmd,dest,src,&seq,&ts) != 5) + if (sscanf(tmp, "%299s %299s %299s %30d %30d", cmd, dest, src, &seq, &ts) != 5) { ast_log(LOG_WARNING, "Unable to parse keying string %s\n",str); return; @@ -6819,7 +6824,9 @@ struct ast_frame wf; } if (tmp[0] == 'I') { - if (sscanf(tmp,"%s %s %x",cmd,src,&seq) != 3) + /* XXX WARNING: be very careful with the limits on the folowing + * sscanf() call, make sure they match the values defined above */ + if (sscanf(tmp,"%299s %299s %30x",cmd,src,&seq) != 3) { ast_log(LOG_WARNING, "Unable to parse ident string %s\n",str); return; @@ -6829,7 +6836,9 @@ struct ast_frame wf; } else { - if (sscanf(tmp,"%s %s %s %d %c",cmd,dest,src,&seq,&c) != 5) + /* XXX WARNING: be very careful with the limits on the folowing + * sscanf() call, make sure they match the values defined above */ + if (sscanf(tmp,"%299s %299s %299s %30d %1c",cmd,dest,src,&seq,&c) != 5) { ast_log(LOG_WARNING, "Unable to parse link string %s\n",str); return; @@ -10224,6 +10233,8 @@ int ret,res = 0,src; static int handle_remote_data(struct rpt *myrpt, char *str) { +/* XXX ATTENTION: if you change the size of these arrays you MUST + * change the limits in corresponding sscanf() calls below. */ char tmp[300],cmd[300],dest[300],src[300],c; int seq,res; @@ -10239,7 +10250,9 @@ int seq,res; #ifndef DO_NOT_NOTIFY_MDC1200_ON_REMOTE_BASES if (tmp[0] == 'I') { - if (sscanf(tmp,"%s %s %x",cmd,src,&seq) != 3) + /* XXX WARNING: be very careful with the limits on the folowing + * sscanf() call, make sure they match the values defined above */ + if (sscanf(tmp,"%299s %299s %30x",cmd,src,&seq) != 3) { ast_log(LOG_WARNING, "Unable to parse ident string %s\n",str); return 0; @@ -10248,7 +10261,9 @@ int seq,res; return 0; } #endif - if (sscanf(tmp,"%s %s %s %d %c",cmd,dest,src,&seq,&c) != 5) + /* XXX WARNING: be very careful with the limits on the folowing + * sscanf() call, make sure they match the values defined above */ + if (sscanf(tmp,"%299s %299s %299s %30d %1c",cmd,dest,src,&seq,&c) != 5) { ast_log(LOG_WARNING, "Unable to parse link string %s\n",str); return 0; @@ -11879,7 +11894,7 @@ char tmpstr[300],lstr[MAXLINKLIST]; p = strstr(tdesc, "version"); if(p){ int vmajor,vminor; - if(sscanf(p, "version %d.%d", &vmajor, &vminor) == 2) + if(sscanf(p, "version %30d.%30d", &vmajor, &vminor) == 2) sprintf(str + strlen(str),"&apprptvers=%d.%d",vmajor,vminor); } time(&now); |