res_pjsip_dtmf_info: NULL terminate the message body. 49/2349/2
authorJoshua Colp <jcolp@digium.com>
Thu, 3 Mar 2016 14:26:10 +0000 (10:26 -0400)
committerJoshua Colp <jcolp@digium.com>
Thu, 3 Mar 2016 16:42:57 +0000 (12:42 -0400)
PJSIP does not ensure that when printing the message body the
buffer will be NULL terminated. This is problematic when searching
for the signal and duration values of the DTMF.

This change ensures the buffer is always NULL terminated.

Change-Id: I52653a1a60c93092d06af31a27408d569cc98968

res/res_pjsip_dtmf_info.c

index 7b52250c829a21639d581dc06565db727b9d665e..ede515d1cd0f1d17664ed7390849ad512645fb55 100644 (file)
@@ -82,14 +82,13 @@ static char get_event(const char *c)
 static int dtmf_info_incoming_request(struct ast_sip_session *session, struct pjsip_rx_data *rdata)
 {
        pjsip_msg_body *body = rdata->msg_info.msg->body;
-       char buf[body ? body->len : 0];
+       char buf[body ? body->len + 1 : 1];
        char *cur = buf;
        char *line;
-
        char event = '\0';
        unsigned int duration = 100;
-
        char is_dtmf;
+       int res;
 
        if (!session->channel) {
                return 0;
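Review bot: The declaration `char buf[body ? body->len + 1 : 1];` sizes a stack VLA from `body->len`, which is the length of a message body received from the network, and the array is created before any of the checks in the function run. Nothing visible in this hunk caps that length, so stack use follows whatever the peer sends; whether the transport layer already enforces a packet-size limit cannot be seen from here. Consider allocating the buffer on the heap after the early-return checks, or rejecting bodies above a fixed bound before they are printed. If the VLA stays, a comment such as `/* +1 so the printed body can always be NUL terminated */` on the declaration would explain the extra byte. The function body continues outside this hunk.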
@@ -107,7 +106,12 @@ static int dtmf_info_incoming_request(struct ast_sip_session *session, struct pj
                return 0;
        }
 
-       body->print_body(body, buf, body->len);
+       res = body->print_body(body, buf, body->len);
+       if (res < 0) {
+               send_response(session, rdata, 500);
+               return 0;
+       }
+       buf[res] = '\0';
 
        if (is_dtmf) {
                /* directly use what is in the message body */
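Review bot: `buf[res] = '\0'` trusts the `print_body` callback to return no more than the size it was given; the index stays in bounds only because `buf` is declared with `body->len + 1` bytes in the earlier hunk. Because `print_body` is a function pointer supplied by the body object, an explicit upper check would keep the write safe whatever the implementation does: `if (res < 0 || (size_t) res > body->len) {`. A short comment above the assignment, for example `/* print_body does not NUL terminate; buf has one spare byte for this */`, would record the dependency between the two hunks. The function continues past the end of this hunk.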