Fix potential buffer overflow that could happen if more than 100 announce files

were specified when calling ParkAndAnnounce. This overflow is not exploitable remotely
and so there is no need for a security advisory.

(closes issue #12386)
Reported by: davidw

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@113507 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/apps/app_parkandannounce.c b/apps/app_parkandannounce.c
index b4e9006fb39b780a8b3812ec18a5a8139b053cce..0e89c73ac0a0be8a9f5ae122e79a9e1e98d46ea7 100644 (file)
--- a/apps/app_parkandannounce.c
+++ b/apps/app_parkandannounce.c
@@ -211,7 +211,7 @@ static int parkandannounce_exec(struct ast_channel *chan, void *data)
        tpl_working = template;
        tpl_current=strsep(&tpl_working, ":");
 
-       while(tpl_current && looptemp < sizeof(tmp)) {
+       while(tpl_current && looptemp < ARRAY_LEN(tmp)) {
                tmp[looptemp]=tpl_current;
                looptemp++;
                tpl_current=strsep(&tpl_working,":");