Fix invalid reads/writes due to incorrect sizeof().

These few places in the code used sizeof() on h_addr in struct hostent.
This is sizeof(char *).  The correct way to get the size of this address is to
use h_length.  This error would result in reads/writes of 8 bytes instead of 4
on 64-bit machines.

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@359211 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/apps/app_externalivr.c b/apps/app_externalivr.c
index 19d445ad75d05a1738102a21b26dab466aa2e61e..13525fd9626b4b12efb8454ad8e44d3543a8754e 100644 (file)
--- a/apps/app_externalivr.c
+++ b/apps/app_externalivr.c
@@ -514,7 +514,7 @@ static int app_exec(struct ast_channel *chan, const char *data)
                ast_gethostbyname(hostname, &hp);
                remote_address_tmp.sin_family = AF_INET;
                remote_address_tmp.sin_port = htons(port);
-               memcpy(&remote_address_tmp.sin_addr.s_addr, hp.hp.h_addr, sizeof(hp.hp.h_addr));
+               memcpy(&remote_address_tmp.sin_addr.s_addr, hp.hp.h_addr, hp.hp.h_length);
                ast_sockaddr_from_sin(&ivr_desc.remote_address, &remote_address_tmp);
                if (!(ser = ast_tcptls_client_create(&ivr_desc)) || !(ser = ast_tcptls_client_start(ser))) {
                        goto exit;

diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c
index bce44fa5ab799e559b0e7b4de350fdd82ff9eff6..e7fb9828bb10c2c5ccd507e32fc9a29d96e69e61 100644 (file)
--- a/channels/chan_iax2.c
+++ b/channels/chan_iax2.c
@@ -4362,7 +4362,7 @@ static struct iax2_peer *realtime_peer(const char *peername, struct sockaddr_in
                                if (!strcasecmp(tmp->name, "host")) {
                                        struct ast_hostent ahp;
                                        struct hostent *hp;
-                                       if (!(hp = ast_gethostbyname(tmp->value, &ahp)) || (memcmp(hp->h_addr, &sin->sin_addr, sizeof(hp->h_addr)))) {
+                                       if (!(hp = ast_gethostbyname(tmp->value, &ahp)) || memcmp(hp->h_addr, &sin->sin_addr, hp->h_length)) {
                                                /* No match */
                                                ast_variables_destroy(var);
                                                var = NULL;
@@ -4474,7 +4474,7 @@ static struct iax2_user *realtime_user(const char *username, struct sockaddr_in
                                if (!strcasecmp(tmp->name, "host")) {
                                        struct ast_hostent ahp;
                                        struct hostent *hp;
-                                       if (!(hp = ast_gethostbyname(tmp->value, &ahp)) || (memcmp(hp->h_addr, &sin->sin_addr, sizeof(hp->h_addr)))) {
+                                       if (!(hp = ast_gethostbyname(tmp->value, &ahp)) || memcmp(hp->h_addr, &sin->sin_addr, hp->h_length)) {
                                                /* No match */
                                                ast_variables_destroy(var);
                                                var = NULL;