chan_iax2: Fix use of uninited memory in try_transfer.

- if newip contained the right stack garbage, it would overwrite the
  correct IP
- memmove was unnecessary

Reported by: saltsa (on IRC)

Change-Id: I9375589f832b08cdff5b05ba975f3c62eef80619

diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c
index ac6eb03ed9c6a1d9692d8d23e3add8adf6e48ff6..486574244c3811c715d97170b994cc5adbc1c369 100644 (file)
--- a/channels/chan_iax2.c
+++ b/channels/chan_iax2.c
@@ -8505,24 +8505,17 @@ static int iax2_do_register_s(const void *data)
 
 static int try_transfer(struct chan_iax2_pvt *pvt, struct iax_ies *ies)
 {
-       int newcall = 0;
-       char newip[256];
        struct iax_ie_data ied;
-       struct sockaddr_in new = { 0, };
 
        memset(&ied, 0, sizeof(ied));
-       if (ies->apparent_addr)
-               memmove(&new, ies->apparent_addr, sizeof(new));
-       if (ies->callno)
-               newcall = ies->callno;
-       if (!newcall || !new.sin_addr.s_addr || !new.sin_port) {
+       if (!ies->callno || !ies->apparent_addr ||
+                       !ies->apparent_addr->sin_addr.s_addr ||
+                       !ies->apparent_addr->sin_port) {
                ast_log(LOG_WARNING, "Invalid transfer request\n");
                return -1;
        }
-       pvt->transfercallno = newcall;
-       memcpy(&pvt->transfer, &new, sizeof(pvt->transfer));
-       inet_aton(newip, &pvt->transfer.sin_addr);
-       pvt->transfer.sin_family = AF_INET;
+       pvt->transfercallno = ies->callno;
+       memcpy(&pvt->transfer, ies->apparent_addr, sizeof(pvt->transfer));
        pvt->transferid = ies->transferid;
        /* only store by transfercallno if this is a new transfer,
         * just in case we get a duplicate TXREQ */