From: Tilghman Lesher Date: Mon, 4 Jan 2010 21:45:46 +0000 (+0000) Subject: Bounds checking for input string X-Git-Tag: 1.4.29-rc1~9 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6dd970ce9b2ba96473a20b981c77fae0a9c9b016;p=thirdparty%2Fasterisk.git Bounds checking for input string (closes issue #16407) Reported by: qwell Patches: 20100104__issue16407.diff.txt uploaded by tilghman (license 14) git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@237573 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- diff --git a/main/say.c b/main/say.c index 507c3c3e2f..064366022e 100644 --- a/main/say.c +++ b/main/say.c @@ -3253,9 +3253,9 @@ int ast_say_date_with_format_en(struct ast_channel *chan, time_t time, const cha /* NOTE: if you add more options here, please try to be consistent with strftime(3) */ case '\'': /* Literal name of a sound file */ - sndoffset=0; - for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) + for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) { sndfile[sndoffset] = format[offset]; + } sndfile[sndoffset] = '\0'; res = wait_file(chan,ints,sndfile,lang); break; @@ -3501,9 +3501,9 @@ int ast_say_date_with_format_da(struct ast_channel *chan, time_t time, const cha /* NOTE: if you add more options here, please try to be consistent with strftime(3) */ case '\'': /* Literal name of a sound file */ - sndoffset=0; - for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) + for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) { sndfile[sndoffset] = format[offset]; + } sndfile[sndoffset] = '\0'; res = wait_file(chan,ints,sndfile,lang); break; @@ -3706,9 +3706,9 @@ int ast_say_date_with_format_de(struct ast_channel *chan, time_t time, const cha /* NOTE: if you add more options here, please try to be consistent with strftime(3) */ case '\'': /* Literal name of a sound file */ - sndoffset=0; - for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) + for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) { sndfile[sndoffset] = format[offset]; + } sndfile[sndoffset] = '\0'; res = wait_file(chan,ints,sndfile,lang); break; @@ -3938,9 +3938,9 @@ int ast_say_date_with_format_he(struct ast_channel *chan, time_t time, const cha /* NOTE: if you add more options here, please try to be consistent with strftime(3) */ case '\'': /* Literal name of a sound file */ - sndoffset=0; - for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) + for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) { sndfile[sndoffset] = format[offset]; + } sndfile[sndoffset] = '\0'; res = wait_file(chan,ints,sndfile,lang); break; @@ -4093,9 +4093,9 @@ int ast_say_date_with_format_es(struct ast_channel *chan, time_t time, const cha /* NOTE: if you add more options here, please try to be consistent with strftime(3) */ case '\'': /* Literal name of a sound file */ - sndoffset=0; - for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) + for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) { sndfile[sndoffset] = format[offset]; + } sndfile[sndoffset] = '\0'; snprintf(nextmsg,sizeof(nextmsg), "%s", sndfile); res = wait_file(chan,ints,nextmsg,lang); @@ -4285,9 +4285,9 @@ int ast_say_date_with_format_fr(struct ast_channel *chan, time_t time, const cha /* NOTE: if you add more options here, please try to be consistent with strftime(3) */ case '\'': /* Literal name of a sound file */ - sndoffset=0; - for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) + for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) { sndfile[sndoffset] = format[offset]; + } sndfile[sndoffset] = '\0'; res = wait_file(chan,ints,sndfile,lang); break; @@ -4483,9 +4483,9 @@ int ast_say_date_with_format_it(struct ast_channel *chan, time_t time, const cha /* NOTE: if you add more options here, please try to be consistent with strftime(3) */ case '\'': /* Literal name of a sound file */ - sndoffset=0; - for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) - sndfile[sndoffset] = format[offset]; + for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) { + sndfile[sndoffset] = format[offset]; + } sndfile[sndoffset] = '\0'; res = wait_file(chan,ints,sndfile,lang); break; @@ -4716,9 +4716,9 @@ int ast_say_date_with_format_nl(struct ast_channel *chan, time_t time, const cha /* NOTE: if you add more options here, please try to be consistent with strftime(3) */ case '\'': /* Literal name of a sound file */ - sndoffset=0; - for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) + for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) { sndfile[sndoffset] = format[offset]; + } sndfile[sndoffset] = '\0'; res = wait_file(chan,ints,sndfile,lang); break; @@ -4922,9 +4922,9 @@ int ast_say_date_with_format_pl(struct ast_channel *chan, time_t thetime, const /* NOTE: if you add more options here, please try to be consistent with strftime(3) */ case '\'': /* Literal name of a sound file */ - sndoffset = 0; - for (sndoffset = 0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) + for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) { sndfile[sndoffset] = format[offset]; + } sndfile[sndoffset] = '\0'; res = wait_file(chan, ints, sndfile, lang); break; @@ -5140,9 +5140,9 @@ int ast_say_date_with_format_pt(struct ast_channel *chan, time_t time, const cha /* NOTE: if you add more options here, please try to be consistent with strftime(3) */ case '\'': /* Literal name of a sound file */ - sndoffset=0; - for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) + for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) { sndfile[sndoffset] = format[offset]; + } sndfile[sndoffset] = '\0'; snprintf(nextmsg,sizeof(nextmsg), "%s", sndfile); res = wait_file(chan,ints,nextmsg,lang); @@ -5430,9 +5430,9 @@ int ast_say_date_with_format_zh(struct ast_channel *chan, time_t time, const cha /* NOTE: if you add more options here, please try to be consistent with strftime(3) */ case '\'': /* Literal name of a sound file */ - sndoffset=0; - for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) + for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) { sndfile[sndoffset] = format[offset]; + } sndfile[sndoffset] = '\0'; res = wait_file(chan,ints,sndfile,lang); break; @@ -6807,9 +6807,9 @@ static int ast_say_date_with_format_gr(struct ast_channel *chan, time_t time, co /* NOTE: if you add more options here, please try to be consistent with strftime(3) */ case '\'': /* Literal name of a sound file */ - sndoffset=0; - for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) + for (sndoffset = 0; !strchr("\'\0", format[++offset]) && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) { sndfile[sndoffset] = format[offset]; + } sndfile[sndoffset] = '\0'; res = wait_file(chan,ints,sndfile,lang); break;