res_pjsip_dtmf_info: NULL terminate the message body. 50/2350/2
authorJoshua Colp <jcolp@digium.com>
Thu, 3 Mar 2016 14:26:10 +0000 (10:26 -0400)
committerJoshua Colp <jcolp@digium.com>
Thu, 3 Mar 2016 16:43:20 +0000 (10:43 -0600)
PJSIP does not ensure that when printing the message body the
buffer will be NULL terminated. This is problematic when searching
for the signal and duration values of the DTMF.

This change ensures the buffer is always NULL terminated.

Change-Id: I52653a1a60c93092d06af31a27408d569cc98968

res/res_pjsip_dtmf_info.c

index 78d529c30b1099e74ce6995ebe8ba62a318c8ea9..47ccd1ae5cd6cfc792ace3d3f0a5176b13408f28 100644 (file)
@@ -82,14 +82,13 @@ static char get_event(const char *c)
 static int dtmf_info_incoming_request(struct ast_sip_session *session, struct pjsip_rx_data *rdata)
 {
        pjsip_msg_body *body = rdata->msg_info.msg->body;
-       char buf[body ? body->len : 0];
+       char buf[body ? body->len + 1 : 1];
        char *cur = buf;
        char *line;
-
        char event = '\0';
        unsigned int duration = 100;
-
        char is_dtmf;
+       int res;
 
        if (!session->channel) {
                return 0;
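Review bot: `char buf[body ? body->len + 1 : 1];` sizes a stack array from the length of the incoming request body, and it is declared at function entry, before the `!session->channel` check and the checks that follow it. The length is supplied by the peer, so stack use here is bounded only by whatever message-size limit the transport enforces, which is not visible in this hunk. A DTMF INFO body is a few dozen bytes, so a fixed-size buffer with an explicit length check that rejects longer bodies before `print_body` is called would make the bound local and auditable. The function body continues outside this hunk.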
@@ -107,7 +106,12 @@ static int dtmf_info_incoming_request(struct ast_sip_session *session, struct pj
                return 0;
        }
 
-       body->print_body(body, buf, body->len);
+       res = body->print_body(body, buf, body->len);
+       if (res < 0) {
+               send_response(session, rdata, 500);
+               return 0;
+       }
+       buf[res] = '\0';
 
        if (is_dtmf) {
                /* directly use what is in the message body */
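Review bot: `buf[res] = '\0';` is in bounds only if the `print_body` callback never returns more than the size it was given; the added check rejects a negative result but puts no upper bound on `res`. Because `print_body` is a function pointer whose implementation depends on the body type, I would keep the index check local: `if (res < 0 || (unsigned int)res > body->len) {`. Separately, the declaration of `buf` allows for `body` being NULL while this call dereferences it unconditionally; the early return for a missing body is presumably in the lines between the two hunks and is worth confirming. The function continues past the end of this hunk.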