From: Joshua Colp <jcolp@digium.com>
Date: Wed, 2 Sep 2015 17:41:10 +0000 (-0300)
Subject: pbx: Fix crash when issuing "core show hints" with long pattern match.
X-Git-Tag: 13.6.0-rc1~61
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cc1363209e7a5b6c67bf96c593e3beb0884c1fb0;p=thirdparty%2Fasterisk.git

pbx: Fix crash when issuing "core show hints" with long pattern match.

When issuing the "core show hints" CLI command a combination of both
the hint extension and context is created. This uses a fixed size
buffer expecting that the extension will not exceed maximum extension
length. When the extension is actually a pattern match this constraint
does not hold true, and the extension may exceed the maximum extension
length. In this case extra characters are written past the end of the
fixed size buffer.

This change makes it so the construction of the combined hint extension
and context can not exceed the size of the buffer.

ASTERISK-25367 #close

Change-Id: Idfa1b95d0d4dc38e675be7c1de8900b3f981f499
---

diff --git a/main/pbx.c b/main/pbx.c
index b34a060ba5..d0a836ab94 100644
--- a/main/pbx.c
+++ b/main/pbx.c
@@ -7524,7 +7524,7 @@ static char *handle_show_hints(struct ast_cli_entry *e, int cmd, struct ast_cli_
 			continue;
 		}
 		watchers = ao2_container_count(hint->callbacks);
-		sprintf(buf, "%s@%s",
+		snprintf(buf, sizeof(buf), "%s@%s",
 			ast_get_extension_name(hint->exten),
 			ast_get_context_name(ast_get_extension_context(hint->exten)));