[sr-dev] git:master:2415416d: sms: avoid overflowing ending 0 by sprintf()

Daniel-Constantin Mierla miconda at gmail.com
Fri Aug 11 10:22:11 CEST 2017 

Module: kamailio
Branch: master
Commit: 2415416df6bd4c599c7fde57fbaa541e2e37f9c7
URL: https://github.com/kamailio/kamailio/commit/2415416df6bd4c599c7fde57fbaa541e2e37f9c7

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2017-08-11T10:21:08+02:00

sms: avoid overflowing ending 0 by sprintf()

---

Modified: src/modules/sms/libsms_getsms.c

---

Diff:  https://github.com/kamailio/kamailio/commit/2415416df6bd4c599c7fde57fbaa541e2e37f9c7.diff
Patch: https://github.com/kamailio/kamailio/commit/2415416df6bd4c599c7fde57fbaa541e2e37f9c7.patch

---

diff --git a/src/modules/sms/libsms_getsms.c b/src/modules/sms/libsms_getsms.c
index 62efe0bfb6..e8c7590456 100644
--- a/src/modules/sms/libsms_getsms.c
+++ b/src/modules/sms/libsms_getsms.c
@@ -275,6 +275,8 @@ static int splitascii(struct modem *mdm, char *source, struct incame_sms *sms)
 {
 	char* start;
 	char* end;
+	char tbuf[TIME_LEN+1];
+	char dbuf[DATE_LEN+1];
 
 	/* the text is after the \r */
 	for( start=source ; *start && *start!='\r' ; start++ );
@@ -312,12 +314,14 @@ static int splitascii(struct modem *mdm, char *source, struct incame_sms *sms)
 	}
 	/* Get the date */
 	start=end+3;
-	sprintf(sms->date,"%c%c-%c%c-%c%c",start[3],start[4],start[0],start[1],
+	sprintf(dbuf,"%c%c-%c%c-%c%c",start[3],start[4],start[0],start[1],
 		start[6],start[7]);
+	memcpy(sms->date, dbuf, DATE_LEN);
 	/* Get the time */
 	start+=9;
-	sprintf(sms->time,"%c%c:%c%c:%c%c",start[0],start[1],start[3],start[4],
+	sprintf(tbuf,"%c%c:%c%c:%c%c",start[0],start[1],start[3],start[4],
 		start[7],start[7]);
+	memcpy(sms->time, tbuf, TIME_LEN);
 	sms->userdatalength=strlen(sms->ascii);
 	return 1;
 }
@@ -418,9 +422,13 @@ static int splitpdu(struct modem *mdm, char* pdu, struct incame_sms *sms)
 		if (end!=0) {
 			memcpy(sms->name,start,end-start);
 			sms->name[end-start]=0;
+		} else {
+			/*Unsupported type*/
+			return -1;
 		}
-	} else
+	} else {
 		end=pdu;
+	}
 
 	/* the pdu is after the first \r */
 	for( start=end+1 ; *start && *start!='\r' ; start++ );

More information about the sr-dev mailing list