From b98a25ef93a296263b5e22f6c81efb8fd6186031 Mon Sep 17 00:00:00 2001 From: Mark Michelson Date: Fri, 20 Jan 2012 20:26:55 +0000 Subject: [PATCH] Prevent potential buffer overflow on AMI MixMonitor command. Don't be alarmed. This only affected trunk, and it would have required manager access to your system. git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@351900 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- apps/app_mixmonitor.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/apps/app_mixmonitor.c b/apps/app_mixmonitor.c index b7d40f3f76..99dc7a4a89 100644 --- a/apps/app_mixmonitor.c +++ b/apps/app_mixmonitor.c @@ -923,9 +923,7 @@ static int manager_mixmonitor(struct mansession *s, const struct message *m) return AMI_SUCCESS; } - strcpy(args, file); - strcat(args, ","); - strcat(args, options); + snprintf(args, sizeof(args), "%s,%s", file, options); ast_channel_lock(c); res = mixmonitor_exec(c, args);