kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-11-03 04:16:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix invalid reads/writes due to incorrect sizeof().

Browse Source 
These few places in the code used sizeof() on h_addr in struct hostent.
This is sizeof(char *).  The correct way to get the size of this address is to
use h_length.  This error would result in reads/writes of 8 bytes instead of 4
on 64-bit machines.
........

Merged revisions 359211 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 359212 from http://svn.asterisk.org/svn/asterisk/branches/10


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@359213 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Russell Bryant
2012-03-14 10:05:07 +00:00
parent 6ac425df31
commit 6c9f009b6d
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
apps/app_externalivr.c
View File

@@ -515,7 +515,7 @@ static int app_exec(struct ast_channel *chan, const char *data)
ast_gethostbyname(hostname, &hp); ast_gethostbyname(hostname, &hp);
remote_address_tmp.sin_family = AF_INET; remote_address_tmp.sin_family = AF_INET;
remote_address_tmp.sin_port = htons(port); remote_address_tmp.sin_port = htons(port);
memcpy(&remote_address_tmp.sin_addr.s_addr, hp.hp.h_addr, sizeof(hp.hp.h_addr)); memcpy(&remote_address_tmp.sin_addr.s_addr, hp.hp.h_addr, hp.hp.h_length);
ast_sockaddr_from_sin(&ivr_desc.remote_address, &remote_address_tmp); ast_sockaddr_from_sin(&ivr_desc.remote_address, &remote_address_tmp);
if (!(ser = ast_tcptls_client_create(&ivr_desc)) || !(ser = ast_tcptls_client_start(ser))) { if (!(ser = ast_tcptls_client_create(&ivr_desc)) || !(ser = ast_tcptls_client_start(ser))) {
goto exit; goto exit;

4
channels/chan_iax2.c
View File

@@ -4354,7 +4354,7 @@ static struct iax2_peer *realtime_peer(const char *peername, struct sockaddr_in
if (!strcasecmp(tmp->name, "host")) { if (!strcasecmp(tmp->name, "host")) {
struct ast_hostent ahp; struct ast_hostent ahp;
struct hostent *hp; struct hostent *hp;
if (!(hp = ast_gethostbyname(tmp->value, &ahp)) || (memcmp(hp->h_addr, &sin->sin_addr, sizeof(hp->h_addr)))) { if (!(hp = ast_gethostbyname(tmp->value, &ahp)) || memcmp(hp->h_addr, &sin->sin_addr, hp->h_length)) {
/* No match */ /* No match */
ast_variables_destroy(var); ast_variables_destroy(var);
var = NULL; var = NULL;
@@ -4466,7 +4466,7 @@ static struct iax2_user *realtime_user(const char *username, struct sockaddr_in
if (!strcasecmp(tmp->name, "host")) { if (!strcasecmp(tmp->name, "host")) {
struct ast_hostent ahp; struct ast_hostent ahp;
struct hostent *hp; struct hostent *hp;
if (!(hp = ast_gethostbyname(tmp->value, &ahp)) || (memcmp(hp->h_addr, &sin->sin_addr, sizeof(hp->h_addr)))) { if (!(hp = ast_gethostbyname(tmp->value, &ahp)) || memcmp(hp->h_addr, &sin->sin_addr, hp->h_length)) {
/* No match */ /* No match */
ast_variables_destroy(var); ast_variables_destroy(var);
var = NULL; var = NULL;