From: Corey Farrell <git@cfware.com>
Date: Mon, 27 Mar 2017 14:03:49 +0000 (-0400)
Subject: CDR: Protect from data overflow in ast_cdr_setuserfield.
X-Git-Tag: 14.5.0-rc1~63
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b8df68c62dea23bda2c131fb34ff70a8daf28cd3;p=thirdparty%2Fasterisk.git

CDR: Protect from data overflow in ast_cdr_setuserfield.

ast_cdr_setuserfield wrote to a fixed length field using strcpy. This could
result in a buffer overrun when called from chan_sip or func_cdr. This patch
adds a maximum bytes written to the field by using ast_copy_string instead.

ASTERISK-26897 #close
patches:
  0001-CDR-Protect-from-data-overflow-in-ast_cdr_setuserfie.patch submitted
    by Corey Farrell (license #5909)

Change-Id: Ib23ca77e9b9e2803a450e1206af45df2d2fdf65c
---

diff --git a/main/cdr.c b/main/cdr.c
index 005f68cbfc..4bcfc05b39 100644
--- a/main/cdr.c
+++ b/main/cdr.c
@@ -3280,7 +3280,7 @@ void ast_cdr_setuserfield(const char *channel_name, const char *userfield)
 			if (it_cdr->fn_table == &finalized_state_fn_table && it_cdr->next != NULL) {
 				continue;
 			}
-			strcpy(it_cdr->party_a.userfield, userfield);
+			ast_copy_string(it_cdr->party_a.userfield, userfield, AST_MAX_USER_FIELD);
 		}
 		ao2_unlock(cdr);
 	}