app_dtmfstore: Avoid a potential buffer overflow.
authorSean Bright <sean@seanbright.com>
Fri, 7 Nov 2025 22:45:21 +0000 (17:45 -0500)
committergithub-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Wed, 12 Nov 2025 22:20:45 +0000 (22:20 +0000)
Prefer snprintf() so we can readily detect if our output was
truncated.

Resolves: #1421

apps/app_dtmfstore.c

index fe564afefa373df6df0a268b536e5e496aad30e5..e0a6ee8d201746e8497ca66f03ce0afd3dd0de4f 100644 (file)
@@ -170,7 +170,12 @@ static struct ast_frame *dtmf_store_framehook(struct ast_channel *chan,
                return f;
        }
 
-       sprintf(varnamesub, "${%s}", varname);
+       len = snprintf(varnamesub, sizeof(varnamesub), "${%s}", varname);
+       if (len >= sizeof(varnamesub)) {
+               /* Not enough room, bail out */
+               return f;
+       }
+
        pbx_substitute_variables_helper(chan, varnamesub, currentdata, 511);
        /* pbx_builtin_getvar_helper works for regular vars but not CDR vars */
        if (ast_strlen_zero(currentdata)) { /* var doesn't exist yet */
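Review bot: The new truncation branch returns the frame without logging anything, so a variable name too long for `varnamesub` makes digit storage stop with no trace for whoever debugs the dialplan. Consider adding `ast_log(LOG_WARNING, "DTMF store variable name '%s' is too long\n", varname);` before the `return f;`, or an `ast_debug` line if one message per DTMF frame is too noisy. The declaration of `len` is outside the hunk; if it is a signed `int`, the comparison with `sizeof(varnamesub)` only catches a negative snprintf() return through implicit conversion to unsigned. Writing `if (len < 0 || (size_t) len >= sizeof(varnamesub)) {` makes that explicit and avoids a sign-compare warning. The body of dtmf_store_framehook starts and ends outside this hunk.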