From: Sean Bright
Date: Fri, 7 Nov 2025 22:45:21 +0000 (-0500)
Subject: app_dtmfstore: Avoid a potential buffer overflow.
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=61b2538e9b745b67fbe034d884b8e085b89538da;p=thirdparty%2Fasterisk.git
app_dtmfstore: Avoid a potential buffer overflow.
Prefer snprintf() so we can readily detect if our output was truncated.
Resolves: #1421
---
diff --git a/apps/app_dtmfstore.c b/apps/app_dtmfstore.c
index fe564afefa..e0a6ee8d20 100644
--- a/apps/app_dtmfstore.c
+++ b/apps/app_dtmfstore.c
@@ -170,7 +170,12 @@ static struct ast_frame *dtmf_store_framehook(struct ast_channel *chan,
 return f;
 }

- sprintf(varnamesub, "${%s}", varname);
+ len = snprintf(varnamesub, sizeof(varnamesub), "${%s}", varname);
+ if (len >= sizeof(varnamesub)) {
+ /* Not enough room, bail out */
+ return f;
+ }
+
 pbx_substitute_variables_helper(chan, varnamesub, currentdata, 511);
 /* pbx_builtin_getvar_helper works for regular vars but not CDR vars */
 if (ast_strlen_zero(currentdata)) { /* var doesn't exist yet */
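Review bot: The truncation check `len >= sizeof(varnamesub)` compares the snprintf() result against a size_t, and the declaration of `len` is outside this hunk; if it is an `int`, a negative return is only caught because it converts to a large unsigned value. Writing the guard as `if (len < 0 || (size_t) len >= sizeof(varnamesub)) {` makes the fail-safe behaviour explicit and avoids a sign-compare warning. The bail-out is also silent, so an over-long variable name drops every digit with no trace; a log line before `return f;`, or rejecting the name where the hook is installed (not visible here), would make that diagnosable. The call that follows still passes the literal `511` for `currentdata`, whose declaration is also outside the hunk, so it is worth confirming that the literal matches the buffer size. The body of dtmf_store_framehook starts and ends outside the hunk.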