From: Kevin P. Fleming Date: Wed, 8 Oct 2008 22:22:09 +0000 (+0000) Subject: when parsing a text configuration option, ensure that the buffer on the stack is... X-Git-Tag: 1.4.23-rc1~50 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d7be4318bb567c925e5d7e1827e30e4d29ac45dd;p=thirdparty%2Fasterisk.git when parsing a text configuration option, ensure that the buffer on the stack is actually large enough to hold the legal values of that option, and also ensure that sscanf() knows to stop parsing if it would overrun the buffer (without these changes, specifying "buffers=...,immediate" would overflow the buffer on the stack, and could not have worked as expected) git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@147681 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- diff --git a/channels/chan_dahdi.c b/channels/chan_dahdi.c index 476a24c628..60b6d2d9ff 100644 --- a/channels/chan_dahdi.c +++ b/channels/chan_dahdi.c @@ -10990,8 +10990,9 @@ static int process_dahdi(struct dahdi_chan_conf *confp, const char *cat, struct return -1; } else if (!strcasecmp(v->name, "buffers")) { int res; - char policy[8] = ""; - res = sscanf(v->value, "%d,%s", &confp->chan.buf_no, policy); + char policy[21] = ""; + + res = sscanf(v->value, "%d,%20s", &confp->chan.buf_no, policy); if (res != 2) { ast_log(LOG_WARNING, "Parsing buffers option data failed, using defaults.\n"); confp->chan.buf_no = numbufs;