kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-09-02 19:16:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

pbx.c: prevent potential crash from recursive replace()

Browse Source 
Recurisve usage of replace() resulted in corruption of the
temporary string storage and potential crash.  By changing
the string to be allocated separtely per instance, this is
eliminated.

ASTERISK-23650 #comment Reported by: Roel van Meer
ASTERISK-23650 #close

Review: https://reviewboard.asterisk.org/r/3539/
........

Merged revisions 414214 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 414215 from http://svn.asterisk.org/svn/asterisk/branches/11
........

Merged revisions 414216 from http://svn.asterisk.org/svn/asterisk/branches/12


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@414217 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Scott Griepentrog
2014-05-21 19:08:39 +00:00
parent 4988d4932b
commit 43bd3580e2
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
funcs/func_strings.c
View File

@@ -798,7 +798,7 @@ static int replace(struct ast_channel *chan, const char *cmd, char *data, struct
AST_APP_ARG(replace);
);
char *strptr, *varsubst;
struct ast_str *str = ast_str_thread_get(&result_buf, 16);
RAII_VAR(struct ast_str *, str, ast_str_create(16), ast_free);
char find[256]; /* Only 256 characters possible */
char replace[2] = "";
size_t unused;