git:master:f2796ceb: dialog: increase puid size for profile to ensure null termination - sr-dev

21 Jul 2017

Module: kamailio
Branch: master
Commit: f2796ceb0a127c1a6580a9d9582ec9bc0fba6081
URL: https://github.com/kamailio/kamailio/commit/f2796ceb0a127c1a6580a9d9582ec9bc...
Author: Daniel-Constantin Mierla miconda@gmail.com
Committer: Daniel-Constantin Mierla miconda@gmail.com
Date: 2017-07-21T08:55:04+02:00
dialog: increase puid size for profile to ensure null termination
---
Modified: src/modules/dialog/dlg_profile.c
Modified: src/modules/dialog/dlg_profile.h
Modified: src/modules/dialog/dlg_req_within.c
---
Diff:  https://github.com/kamailio/kamailio/commit/f2796ceb0a127c1a6580a9d9582ec9bc...
Patch: https://github.com/kamailio/kamailio/commit/f2796ceb0a127c1a6580a9d9582ec9bc...
---

diff --git a/src/modules/dialog/dlg_profile.c b/src/modules/dialog/dlg_profile.c
index 3576f68036..89d994616b 100644
--- a/src/modules/dialog/dlg_profile.c
+++ b/src/modules/dialog/dlg_profile.c
@@ -667,7 +667,7 @@ int dlg_add_profile(dlg_cell_t *dlg, str *value, struct dlg_profile_table *profi
    }
    if(puid && puid->s && puid->len>0) {
    	if(puid->len<SRUID_SIZE) {
-			strcpy(linker->hash_linker.puid, puid->s);
+			memcpy(linker->hash_linker.puid, puid->s, puid->len);
    		linker->hash_linker.puid_len = puid->len;
    	} else {
    		LM_ERR("puid size is too large\n");
@@ -677,7 +677,8 @@ int dlg_add_profile(dlg_cell_t *dlg, str *value, struct dlg_profile_table *profi
    } else {
    	sruid_next_safe(&_dlg_profile_sruid);
    	if(_dlg_profile_sruid.uid.len<SRUID_SIZE) {
-			strcpy(linker->hash_linker.puid, _dlg_profile_sruid.uid.s);
+			memcpy(linker->hash_linker.puid, _dlg_profile_sruid.uid.s,
+					_dlg_profile_sruid.uid.len);
    		linker->hash_linker.puid_len = _dlg_profile_sruid.uid.len;
    	} else {
    		LM_ERR("sruid size is too large\n");
diff --git a/src/modules/dialog/dlg_profile.h b/src/modules/dialog/dlg_profile.h
index 3d6c94d6d4..5c09dd6083 100644
--- a/src/modules/dialog/dlg_profile.h
+++ b/src/modules/dialog/dlg_profile.h
@@ -54,7 +54,7 @@
 typedef struct dlg_profile_hash {
    str value; /*!< hash value */
    struct dlg_cell *dlg; /*!< dialog cell */
-	char puid[SRUID_SIZE];
+	char puid[SRUID_SIZE+2];
    int puid_len;
    time_t expires;
    int flags;
diff --git a/src/modules/dialog/dlg_req_within.c b/src/modules/dialog/dlg_req_within.c
index a67b976137..d37bbbf514 100644
--- a/src/modules/dialog/dlg_req_within.c
+++ b/src/modules/dialog/dlg_req_within.c
@@ -406,7 +406,7 @@ static inline int send_bye(struct dlg_cell * cell, int dir, str *hdrs)
    			dlg_lreq_callee_headers.len);
    	lhdrs.len += dlg_lreq_callee_headers.len;
    	if(dlg_lreq_callee_headers.s[dlg_lreq_callee_headers.len-1]!='\n') {
-			strncpy(lhdrs.s+lhdrs.len, CRLF, CRLF_LEN);
+			memcpy(lhdrs.s+lhdrs.len, CRLF, CRLF_LEN);
    		lhdrs.len += CRLF_LEN;
    	}
    }

    