From: Russell Bryant <russell@russellbryant.com>
Date: Wed, 14 Mar 2012 10:04:03 +0000 (+0000)
Subject: Fix invalid reads/writes due to incorrect sizeof().
X-Git-Tag: 10.3.0~41
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=40cc905d8651c20e7cb38ac41146e677072d65fb;p=thirdparty%2Fasterisk.git

Fix invalid reads/writes due to incorrect sizeof().

These few places in the code used sizeof() on h_addr in struct hostent.
This is sizeof(char *).  The correct way to get the size of this address is to
use h_length.  This error would result in reads/writes of 8 bytes instead of 4
on 64-bit machines.
........

Merged revisions 359211 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/10@359212 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---

diff --git a/apps/app_externalivr.c b/apps/app_externalivr.c
index 4eb99c1bbe..0e83e2883f 100644
--- a/apps/app_externalivr.c
+++ b/apps/app_externalivr.c
@@ -515,7 +515,7 @@ static int app_exec(struct ast_channel *chan, const char *data)
 		ast_gethostbyname(hostname, &hp);
 		remote_address_tmp.sin_family = AF_INET;
 		remote_address_tmp.sin_port = htons(port);
-		memcpy(&remote_address_tmp.sin_addr.s_addr, hp.hp.h_addr, sizeof(hp.hp.h_addr));
+		memcpy(&remote_address_tmp.sin_addr.s_addr, hp.hp.h_addr, hp.hp.h_length);
 		ast_sockaddr_from_sin(&ivr_desc.remote_address, &remote_address_tmp);
 		if (!(ser = ast_tcptls_client_create(&ivr_desc)) || !(ser = ast_tcptls_client_start(ser))) {
 			goto exit;
diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c
index c5234f0500..ab679557dc 100644
--- a/channels/chan_iax2.c
+++ b/channels/chan_iax2.c
@@ -4445,7 +4445,7 @@ static struct iax2_peer *realtime_peer(const char *peername, struct sockaddr_in
 				if (!strcasecmp(tmp->name, "host")) {
 					struct ast_hostent ahp;
 					struct hostent *hp;
-					if (!(hp = ast_gethostbyname(tmp->value, &ahp)) || (memcmp(hp->h_addr, &sin->sin_addr, sizeof(hp->h_addr)))) {
+					if (!(hp = ast_gethostbyname(tmp->value, &ahp)) || memcmp(hp->h_addr, &sin->sin_addr, hp->h_length)) {
 						/* No match */
 						ast_variables_destroy(var);
 						var = NULL;
@@ -4557,7 +4557,7 @@ static struct iax2_user *realtime_user(const char *username, struct sockaddr_in
 				if (!strcasecmp(tmp->name, "host")) {
 					struct ast_hostent ahp;
 					struct hostent *hp;
-					if (!(hp = ast_gethostbyname(tmp->value, &ahp)) || (memcmp(hp->h_addr, &sin->sin_addr, sizeof(hp->h_addr)))) {
+					if (!(hp = ast_gethostbyname(tmp->value, &ahp)) || memcmp(hp->h_addr, &sin->sin_addr, hp->h_length)) {
 						/* No match */
 						ast_variables_destroy(var);
 						var = NULL;