[Kamailio-Devel] Bugs in imc module

Jan Janak jan at iptel.org
Sun Mar 8 14:43:32 CET 2009


The imc module relies on using snprintf extensively, but it does not check the
return value of the function properly:

    body.len = snprintf(body.s, IMC_BUF_SIZE,
        "invalid command '%.*s' - send ''%.*shelp' for details",
        cmd->name.len, cmd->name.s, imc_cmd_start_str.len,
        imc_cmd_start_str.s);

    if(body.len<=0)

The test if(body.len<=0) is just plain wrong, because snprintf returns the
number of characters that would have been written had the buffer been large
enough.

The test for the case above should be something like:

    if (body.len < 0 || body.len >= IMC_BUF_SIZE)

See the manpage of snprintf for more details.

  Jan.
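
Added example, not part of the original post and not the imc module's code: the two checks side by side on the format string quoted above, showing that on truncation the `<=0` test accepts a length larger than the buffer. The helper names, the IMC_BUF_SIZE value of 64 and the sample command names are assumptions made for the demo.

```c
#include <stdio.h>
#include <string.h>

#define IMC_BUF_SIZE 64   /* constructed value for the demo, not the module's */

/* Format string as quoted in the post. */
#define INVALID_CMD_FMT "invalid command '%.*s' - send ''%.*shelp' for details"

/* Check as quoted from the module: only n <= 0 counts as failure.
 * Returns -1 on "failure", otherwise the length the caller would trust. */
static int format_flawed(char *buf, const char *name, int name_len,
                         const char *start, int start_len)
{
    int n = snprintf(buf, IMC_BUF_SIZE, INVALID_CMD_FMT,
                     name_len, name, start_len, start);
    if (n <= 0)
        return -1;
    return n;   /* may be >= IMC_BUF_SIZE when the output was truncated */
}

/* Check proposed in the post: truncated output is rejected as well. */
static int format_checked(char *buf, const char *name, int name_len,
                          const char *start, int start_len)
{
    int n = snprintf(buf, IMC_BUF_SIZE, INVALID_CMD_FMT,
                     name_len, name, start_len, start);
    if (n < 0 || n >= IMC_BUF_SIZE)
        return -1;
    return n;   /* on this path n equals strlen(buf) */
}

int main(void)
{
    char buf[IMC_BUF_SIZE];
    char long_name[41];                 /* constructed 40-byte command name */
    memset(long_name, 'A', 40);
    long_name[40] = '\0';

    int ok = format_checked(buf, "foo", 3, "#", 1);
    printf("short name, checked: len=%d\n", ok);
    int bad = format_flawed(buf, long_name, 40, "#", 1);
    printf("long name, flawed:   len=%d, bytes in buffer=%zu\n", bad, strlen(buf));
    printf("long name, checked:  %d\n", format_checked(buf, long_name, 40, "#", 1));
    return 0;
}
```

With the flawed check, the returned length would be used as body.len even though only IMC_BUF_SIZE - 1 bytes were written, so later code that trusts body.len reads past the end of the buffer.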


