Add a check to key_dial_page() to ensure that dialed digits won't overrun
the phone_number field.
Resolves: #GHSA-3g56-cgrh-95p5
struct unistim_device *next;
} *devices = NULL;
+#define MAX_PHONE_NUMBER_LENGTH (AST_MAX_EXTENSION - 1)
+
static struct unistimsession {
ast_mutex_t lock;
struct sockaddr_in sin; /*!< IP address of the phone */
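Review bot: MAX_PHONE_NUMBER_LENGTH is derived from AST_MAX_EXTENSION rather than from the phone_number field itself, and the field's declaration is not in this hunk, so the bound holds only while the two stay in sync. A comment on the define would record the intent, e.g. `/*! Most digits phone_number can hold, leaving one byte for the terminating NUL */`. If phone_number is a fixed-size array (presumably, but not visible here), a compile-time check against `sizeof` of that member would stop the limit and the buffer from drifting apart.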
if ((keycode >= KEY_0) && (keycode <= KEY_SHARP)) {
int i = pte->device->size_phone_number;
+ /*
+ * If the phone_number buffer is already full, bail now to prevent an overrun.
+ */
+ if (pte->device->size_phone_number >= MAX_PHONE_NUMBER_LENGTH) {
+ return;
+ }
if (pte->device->size_phone_number == 0) {
send_tone(pte, 0, 0);
}
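Review bot: The new guard in the digit branch drops the keypress silently, so an endpoint that keeps sending digits past the limit leaves no trace for whoever investigates it later. A debug-level message before the `return;`, e.g. `ast_debug(1, "phone_number full, ignoring digit\n");`, would record it without letting a remote phone flood the log at warning level. The check could also reuse the value read one line earlier, `if (i >= MAX_PHONE_NUMBER_LENGTH) {`. key_dial_page() starts and ends outside this hunk, so any other code that writes phone_number is not visible here and is worth checking against the same bound.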