[Pkg-voip-commits] [asterisk] 03/10: AST-2017-010: the original

tzafrir at debian.org tzafrir at debian.org
Wed Dec 13 20:23:02 UTC 2017


This is an automated email from the git hooks/post-receive script.

tzafrir pushed a commit to branch stretch
in repository asterisk.

commit be2e6d741f351222aca9631a523765796285f0c1
Author: Tzafrir Cohen <tzafrir at debian.org>
Date:   Wed Dec 13 18:18:26 2017 +0200

    AST-2017-010: the original
---
 debian/patches/AST-2017-010.patch | 48 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)

diff --git a/debian/patches/AST-2017-010.patch b/debian/patches/AST-2017-010.patch
new file mode 100644
index 0000000..b2fa73a
--- /dev/null
+++ b/debian/patches/AST-2017-010.patch
@@ -0,0 +1,48 @@
+From 2b85799512c7536516f50624ce1f13da6fe68dba Mon Sep 17 00:00:00 2001
+From: Richard Mudgett <rmudgett at digium.com>
+Date: Tue, 3 Oct 2017 16:19:52 -0500
+Subject: [PATCH] AST-2017-010: Fix cdr_object_update_party_b_userfield_cb()
+ buf overrun
+
+cdr_object_update_party_b_userfield_cb() could overrun the fixed buffer if
+the supplied string is too long.  The long string could be supplied by
+external means using the CDR(userfield) function.
+
+This may seem reminiscent to AST-2017-001 (ASTERISK_26897) and it is.  The
+earlier patch fixed the buffer overrun for Party A's userfield while this
+patch fixes the same thing for Party B's userfield.
+
+ASTERISK-27337
+
+Change-Id: I0fa767f65ecec7e676ca465306ff9e0edbf3b652
+---
+ main/cdr.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/main/cdr.c b/main/cdr.c
+index 1424607c99..60532fe9fc 100644
+--- a/main/cdr.c
++++ b/main/cdr.c
+@@ -3384,7 +3384,8 @@ static int cdr_object_update_party_b_userfield_cb(void *obj, void *arg, void *da
+ 		ast_assert(cdr->party_b.snapshot
+ 			&& !strcasecmp(cdr->party_b.snapshot->name, info->channel_name));
+ 
+-		strcpy(cdr->party_b.userfield, info->userfield);
++		ast_copy_string(cdr->party_b.userfield, info->userfield,
++			sizeof(cdr->party_b.userfield));
+ 	}
+ 
+ 	return 0;
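Review bot: in cdr_object_update_party_b_userfield_cb(), the new ast_copy_string() call truncates an over-long info->userfield silently, so a value set through CDR(userfield) that exceeds the buffer is shortened with no trace in the logs. Consider logging when strlen(info->userfield) >= sizeof(cdr->party_b.userfield), or documenting the length limit where CDR(userfield) is described. The sizeof bound is also only correct while party_b.userfield is a fixed char array; its declaration is not in this hunk, so a short comment at the call noting that dependency would help.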
+@@ -3407,7 +3408,8 @@ void ast_cdr_setuserfield(const char *channel_name, const char *userfield)
+ 			if (it_cdr->fn_table == &finalized_state_fn_table && it_cdr->next != NULL) {
+ 				continue;
+ 			}
+-			ast_copy_string(it_cdr->party_a.userfield, userfield, AST_MAX_USER_FIELD);
++			ast_copy_string(it_cdr->party_a.userfield, userfield,
++				sizeof(it_cdr->party_a.userfield));
+ 		}
+ 		ao2_unlock(cdr);
+ 	}
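Review bot: the party_a change in ast_cdr_setuserfield() is not covered by the commit message, which describes only the Party B overrun and says Party A was fixed by the earlier patch. The old call was already bounded by AST_MAX_USER_FIELD, so this line reads as a consistency cleanup rather than part of the fix; say so in the message so that anyone backporting can tell which hunk closes AST-2017-010. Switching to sizeof(it_cdr->party_a.userfield) is reasonable in itself, since it keeps the bound tied to the destination buffer.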
+-- 
+2.11.0
+

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-voip/asterisk.git


