app_externalivr: Prevent out-of-bounds read during argument processing.

author Sean Bright <sean@seanbright.com>

Wed, 17 Sep 2025 18:27:49 +0000 (14:27 -0400)

committer github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

Mon, 22 Sep 2025 16:55:52 +0000 (16:55 +0000)
author Sean Bright <sean@seanbright.com>
Wed, 17 Sep 2025 18:27:49 +0000 (14:27 -0400)
committer github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Mon, 22 Sep 2025 16:55:52 +0000 (16:55 +0000)
diff --git a/apps/app_externalivr.c b/apps/app_externalivr.c

index e8031ec71bfea1368e8a32329c2d443de289eb23..545b439b1cde0f1fda070de099e368c369a5e2d6 100644 (file)
--- a/apps/app_externalivr.c
+++ b/apps/app_externalivr.c
@@ -424,8 +424,11 @@ static int app_exec(struct ast_channel *chan, const char *data)
                 AST_APP_ARG(application);
                 AST_APP_ARG(options);
         );
+
+#define MAX_EIVR_APPLICATION_ARGS 32
+
         AST_DECLARE_APP_ARGS(application_args,
-               AST_APP_ARG(cmd)[32];
+               AST_APP_ARG(cmd)[MAX_EIVR_APPLICATION_ARGS];
         );
  
         u->abort_current_sound = 0;
@@ -458,7 +461,7 @@ static int app_exec(struct ast_channel *chan, const char *data)
  
         /* Put the application + the arguments in a , delimited list */
         ast_str_reset(comma_delim_args);
-       for (j = 0; application_args.cmd[j] != NULL; j++) {
+       for (j = 0; j < MAX_EIVR_APPLICATION_ARGS && application_args.cmd[j]; j++) {
                 ast_str_append(&comma_delim_args, 0, "%s%s", j == 0 ? "" : ",", application_args.cmd[j]);
         }
author	Sean Bright <sean@seanbright.com>
	Wed, 17 Sep 2025 18:27:49 +0000 (14:27 -0400)
committer	github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
	Mon, 22 Sep 2025 16:55:52 +0000 (16:55 +0000)