[sr-dev] git:master:1c164473: htable: Fix buffer overrun in htable_rpc_list
Chris Double
chris.double at double.co.nz
Wed Sep 23 14:42:00 CEST 2015
Module: kamailio
Branch: master
Commit: 1c164473c6fd78318236254827a4cadbe8271463
URL: https://github.com/kamailio/kamailio/commit/1c164473c6fd78318236254827a4cadbe8271463
Author: Chris Double <chris.double at double.co.nz>
Committer: Chris Double <chris.double at double.co.nz>
Date: 2015-09-23T22:03:47+12:00
htable: Fix buffer overrun in htable_rpc_list
- Fix for using wrong len variable in htable_rpc_list if
ht->dbtable.len is greater than 127, causing an out of
bounds write.
---
Modified: modules/htable/htable.c
---
Diff: https://github.com/kamailio/kamailio/commit/1c164473c6fd78318236254827a4cadbe8271463.diff
Patch: https://github.com/kamailio/kamailio/commit/1c164473c6fd78318236254827a4cadbe8271463.patch
---
diff --git a/modules/htable/htable.c b/modules/htable/htable.c
index c6e2250..8339e41 100644
--- a/modules/htable/htable.c
+++ b/modules/htable/htable.c
@@ -1044,7 +1044,7 @@ static void htable_rpc_list(rpc_t* rpc, void* c)
if (ht->dbtable.len > 0) {
len = ht->dbtable.len > 127 ? 127 : ht->dbtable.len;
memcpy(dbname, ht->dbtable.s, len);
- dbname[ht->dbtable.len] = '\0';
+ dbname[len] = '\0';
} else {
dbname[0] = '\0';
}
More information about the sr-dev
mailing list