Truncate userevents at the end of a line, when the command exceeds the buffer.

author Tilghman Lesher <tilghman@meg.abyt.es>

Mon, 19 Jan 2009 19:49:25 +0000 (19:49 +0000)

committer Tilghman Lesher <tilghman@meg.abyt.es>

Mon, 19 Jan 2009 19:49:25 +0000 (19:49 +0000)
author Tilghman Lesher <tilghman@meg.abyt.es>
Mon, 19 Jan 2009 19:49:25 +0000 (19:49 +0000)
committer Tilghman Lesher <tilghman@meg.abyt.es>
Mon, 19 Jan 2009 19:49:25 +0000 (19:49 +0000)
diff --git a/apps/app_userevent.c b/apps/app_userevent.c

index df7bc58a79fabf436ed716f0be85c14a66dc7464..dd80003768f610a3bb52c95bb6f4c57a5ef97d7d 100644 (file)
--- a/apps/app_userevent.c
+++ b/apps/app_userevent.c
@@ -59,7 +59,7 @@ static int userevent_exec(struct ast_channel *chan, void *data)
  {
         struct ast_module_user *u;
         char *parse, buf[2048] = "";
-       int x, buflen = 0;
+       int x, buflen = 0, xlen;
         AST_DECLARE_APP_ARGS(args,
                 AST_APP_ARG(eventname);
                 AST_APP_ARG(extra)[100];
@@ -77,8 +77,13 @@ static int userevent_exec(struct ast_channel *chan, void *data)
         AST_STANDARD_APP_ARGS(args, parse);
  
         for (x = 0; x < args.argc - 1; x++) {
-               ast_copy_string(buf + buflen, args.extra[x], sizeof(buf) - buflen - 2);
-               buflen += strlen(args.extra[x]);
+               /* Stop once a header comes up that exceeds our buffer. */
+               if (sizeof(buf) <= buflen + (xlen = strlen(args.extra[x])) + 3) {
+                       ast_log(LOG_WARNING, "UserEvent exceeds our buffer length!  Truncating.\n");
+                       break;
+               }
+               ast_copy_string(buf + buflen, args.extra[x], sizeof(buf) - buflen - 3);
+               buflen += xlen;
                 ast_copy_string(buf + buflen, "\r\n", 3);
                 buflen += 2;
         }
diff --git a/main/manager.c b/main/manager.c

index c0245ad2a16f3f12ce794258dc37886817dad9a7..7f436ad9487abb21cf21b6d75d51e3b55c577317 100644 (file)
--- a/main/manager.c
+++ b/main/manager.c
@@ -2142,11 +2142,15 @@ static int action_userevent(struct mansession *s, const struct message *m)
  {
         const char *event = astman_get_header(m, "UserEvent");
         char body[2048] = "";
-       int x, bodylen = 0;
+       int x, bodylen = 0, xlen;
         for (x = 0; x < m->hdrcount; x++) {
                 if (strncasecmp("UserEvent:", m->headers[x], strlen("UserEvent:"))) {
+                       if (sizeof(body) < bodylen + (xlen = strlen(m->headers[x])) + 3) {
+                               ast_log(LOG_WARNING, "UserEvent exceeds our buffer length.  Truncating.\n");
+                               break;
+                       }
                         ast_copy_string(body + bodylen, m->headers[x], sizeof(body) - bodylen - 3);
-                       bodylen += strlen(m->headers[x]);
+                       bodylen += xlen;
                         ast_copy_string(body + bodylen, "\r\n", 3);
                         bodylen += 2;
                 }
author	Tilghman Lesher <tilghman@meg.abyt.es>
	Mon, 19 Jan 2009 19:49:25 +0000 (19:49 +0000)
committer	Tilghman Lesher <tilghman@meg.abyt.es>
	Mon, 19 Jan 2009 19:49:25 +0000 (19:49 +0000)
apps/app_userevent.c		patch \| blob \| blame \| history
main/manager.c		patch \| blob \| blame \| history