From: Kevin P. Fleming <kpfleming@digium.com>
Date: Thu, 22 Mar 2007 23:40:01 +0000 (+0000)
Subject: don't allow string input to overrun the buffer to hold it (ASA-2007-010)
X-Git-Tag: 1.4.7.1~536
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=cf58b2ba46ef2d68e4beed261000e9ecc8dcb1e3;p=thirdparty%2Fasterisk.git

don't allow string input to overrun the buffer to hold it (ASA-2007-010)


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@59182 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---

diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index 5bec967963..55b911ac3b 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -5091,15 +5091,15 @@ static int process_sdp(struct sip_pvt *p, struct sip_request *req)
 					ast_log(LOG_DEBUG, "Transcoding JBIG: %d\n",x);
 				if (x == 1)
 					peert38capability |= T38FAX_TRANSCODING_JBIG;
-			} else if ((sscanf(a, "T38FaxRateManagement:%s", s) == 1)) {
+			} else if ((sscanf(a, "T38FaxRateManagement:%255s", s) == 1)) {
 				found = 1;
 				if (option_debug > 2)
-					ast_log(LOG_DEBUG, "RateMangement: %s\n", s);
+					ast_log(LOG_DEBUG, "RateManagement: %s\n", s);
 				if (!strcasecmp(s, "localTCF"))
 					peert38capability |= T38FAX_RATE_MANAGEMENT_LOCAL_TCF;
 				else if (!strcasecmp(s, "transferredTCF"))
 					peert38capability |= T38FAX_RATE_MANAGEMENT_TRANSFERED_TCF;
-			} else if ((sscanf(a, "T38FaxUdpEC:%s", s) == 1)) {
+			} else if ((sscanf(a, "T38FaxUdpEC:%255s", s) == 1)) {
 				found = 1;
 				if (option_debug > 2)
 					ast_log(LOG_DEBUG, "UDP EC: %s\n", s);