From: Russell Bryant <russell@russellbryant.com>
Date: Thu, 13 Mar 2008 20:26:28 +0000 (+0000)
Subject: Fix a couple uses of sprintf.  The second one could actually cause an overflow
X-Git-Tag: 1.4.19-rc3~20
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=269d0aa7e88c7c319a049aa0b4863fa834c1d25d;p=thirdparty%2Fasterisk.git

Fix a couple uses of sprintf.  The second one could actually cause an overflow
of a stack buffer.  It's not a security issue though, it only depends on your
configuration.


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@108469 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---

diff --git a/apps/app_followme.c b/apps/app_followme.c
index 78f5c70cf4..d383cf9895 100644
--- a/apps/app_followme.c
+++ b/apps/app_followme.c
@@ -818,9 +818,9 @@ static void findmeexec(struct fm_args *tpargs)
 			}
 
 			if (!strcmp(tpargs->context, ""))
-				sprintf(dialarg, "%s", number);
+				snprintf(dialarg, sizeof(dialarg), "%s", number);
 			else
-				sprintf(dialarg, "%s@%s", number, tpargs->context);
+				snprintf(dialarg, sizeof(dialarg), "%s@%s", number, tpargs->context);
 					
 			tmpuser = ast_calloc(1, sizeof(*tmpuser));
 			if (!tmpuser) {