Merged revisions 147681 via svnmerge from

https://origsvn.digium.com/svn/asterisk/branches/1.4

........
  r147681 | kpfleming | 2008-10-08 17:22:09 -0500 (Wed, 08 Oct 2008) | 3 lines

  when parsing a text configuration option, ensure that the buffer on the stack is actually large enough to hold the legal values of that option, and also ensure that sscanf() knows to stop parsing if it would overrun the buffer (without these changes, specifying "buffers=...,immediate" would overflow the buffer on the stack, and could not have worked as expected)
........

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@147689 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/channels/chan_dahdi.c b/channels/chan_dahdi.c
index 552b9841d375ba325fe84d0c4c2885528ebd451b..9adad9c4d880d5a6db523d65dd62d974fc59b348 100644 (file)
--- a/channels/chan_dahdi.c
+++ b/channels/chan_dahdi.c
@@ -13655,8 +13655,9 @@ static int process_dahdi(struct dahdi_chan_conf *confp, const char *cat, struct
                                        return -1;
                } else if (!strcasecmp(v->name, "buffers")) {
                        int res;
-                       char policy[8] = "";
-                       res = sscanf(v->value, "%d,%s", &confp->chan.buf_no, policy);
+                       char policy[21] = "";
+
+                       res = sscanf(v->value, "%d,%20s", &confp->chan.buf_no, policy);
                        if (res != 2) {
                                ast_log(LOG_WARNING, "Parsing buffers option data failed, using defaults.\n");
                                confp->chan.buf_no = numbufs;