FS-10001: [core] Fix Buffer overflow collecting digits
authorMike Jerris <mike@jerris.com>
Mon, 6 Mar 2017 18:51:29 +0000 (12:51 -0600)
committerMike Jerris <mike@jerris.com>
Tue, 7 Mar 2017 19:45:22 +0000 (13:45 -0600)
src/mod/applications/mod_dptools/mod_dptools.c
src/switch_ivr.c

index fb397fa972a1d3b7779d04350c91d7133650de74..d126101e7855160c4dbcb53d4797299e906facf6 100644 (file)
@@ -904,6 +904,7 @@ SWITCH_STANDARD_APP(eavesdrop_function)
                                        if ((file = switch_channel_get_variable(channel, "eavesdrop_indicate_failed"))) {
                                                switch_ivr_play_file(session, NULL, file, NULL);
                                        }
+                                       buf[0] = '\0';
                                        switch_ivr_collect_digits_count(session, buf, buflen, 1, "*", &terminator, 5000, 0, 0);
                                        continue;
                                }
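Review bot: The `buf[0] = '\0';` reset added before `switch_ivr_collect_digits_count` here, and repeated in the two later hunks of this file (the second `eavesdrop_indicate_failed` branch and the `eavesdrop_indicate_idle` branch), carries no comment saying why the buffer must be cleared. The switch_ivr.c change on this page compares `x` with `buflen` and `maxdigits`, which suggests the callee continues from whatever is already in `buf`; that is inferred, since the definition of `x` is outside the visible lines. I would add above each reset something like `/* buf is reused across loop passes; clear it so stale digits do not count toward buflen/maxdigits in collect_digits_count */`. The return value is still discarded at all three call sites, so a call rejected by the new guard cannot be told apart from a timeout; capturing the status and logging when it is not `SWITCH_STATUS_SUCCESS` would make that visible. The body of eavesdrop_function starts and ends outside these hunks.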
@@ -923,6 +924,7 @@ SWITCH_STANDARD_APP(eavesdrop_function)
                                                                if ((file = switch_channel_get_variable(channel, "eavesdrop_indicate_failed"))) {
                                                                        switch_ivr_play_file(session, NULL, file, NULL);
                                                                }
+                                                               buf[0] = '\0';
                                                                switch_ivr_collect_digits_count(session, buf, buflen, 1, "*", &terminator, 5000, 0, 0);
                                                        }
                                                }
@@ -931,6 +933,7 @@ SWITCH_STANDARD_APP(eavesdrop_function)
                                        if ((file = switch_channel_get_variable(channel, "eavesdrop_indicate_idle"))) {
                                                switch_ivr_play_file(session, NULL, file, NULL);
                                        }
+                                       buf[0] = '\0';
                                        switch_ivr_collect_digits_count(session, buf, buflen, 1, "*", &terminator, 2000, 0, 0);
                                }
                        }
index 83965c6df3f7306d66ecbd6c09451ab752cf7cd9..765e77a4d7f1aa81d34128925235d552019c951c 100644 (file)
@@ -1304,6 +1304,11 @@ SWITCH_DECLARE(switch_status_t) switch_ivr_collect_digits_count(switch_core_sess
        int sval = 0;
        const char *var;
 
+
+       if (x >= buflen || x >= maxdigits) {
+               return SWITCH_STATUS_FALSE;
+       }
+
        if ((var = switch_channel_get_variable(channel, SWITCH_SEND_SILENCE_WHEN_IDLE_VARIABLE)) && (sval = atoi(var))) {
                switch_core_session_get_read_impl(session, &imp);