Module: kamailio
Branch: master
Commit: 441acf646fa9cf2fd1733f05397a43245b98d322
URL:
https://github.com/kamailio/kamailio/commit/441acf646fa9cf2fd1733f05397a432…
Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
Committer: Daniel-Constantin Mierla <miconda(a)gmail.com>
Date: 2017-12-19T10:07:26+01:00
app_java: fix writing over the size of allocated buffer
---
Modified: src/modules/app_java/java_iface.c
---
Diff:
https://github.com/kamailio/kamailio/commit/441acf646fa9cf2fd1733f05397a432…
Patch:
https://github.com/kamailio/kamailio/commit/441acf646fa9cf2fd1733f05397a432…
---
diff --git a/src/modules/app_java/java_iface.c b/src/modules/app_java/java_iface.c
index 9d68711247..0535591055 100644
--- a/src/modules/app_java/java_iface.c
+++ b/src/modules/app_java/java_iface.c
@@ -120,6 +120,7 @@ int java_exec(struct sip_msg *msgp, int is_static, int
is_synchronized,
jclass cls;
jmethodID invk_method, invk_method_ref;
jvalue *jparam;
+ int r;
if(signature == NULL || !strcmp(signature, "")) {
LM_ERR("%s: java_method_exec(): signature is empty or invalid.\n",
@@ -149,14 +150,19 @@ int java_exec(struct sip_msg *msgp, int is_static, int
is_synchronized,
cslen = strlen(signature) + 2 + 1
+ 1; // '(' + 'signature' + ')' + 'return signature' +
null terminator
- cs = (char *)pkg_malloc(cslen * sizeof(char));
+ cs = (char *)pkg_malloc((cslen+1) * sizeof(char));
if(!cs) {
LM_ERR("%s: pkg_malloc() has failed. Can't allocate %lu bytes. Not "
"enough memory!\n",
APP_NAME, (unsigned long)cslen);
return -1;
}
- snprintf(cs, cslen, "(%s)%s", signature, retval_sig);
+ r = snprintf(cs, cslen, "(%s)%s", signature, retval_sig);
+ if(r<0 || r>cslen) {
+ LM_ERR("building cs value failed\n");
+ pkg_free(cs);
+ return -1;
+ }
cs[cslen] = '\0';
// attach to current thread