[sr-dev] git:master:0666abf8: uac: use snprintf() instead of sprintf()
Daniel-Constantin Mierla
miconda at gmail.com
Mon Nov 18 18:06:14 CET 2019
Module: kamailio
Branch: master
Commit: 0666abf851bc5916b7700a30077ee954f695b862
URL: https://github.com/kamailio/kamailio/commit/0666abf851bc5916b7700a30077ee954f695b862
Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2019-11-18T18:05:50+01:00
uac: use snprintf() instead of sprintf()
---
Modified: src/modules/uac/replace.c
---
Diff: https://github.com/kamailio/kamailio/commit/0666abf851bc5916b7700a30077ee954f695b862.diff
Patch: https://github.com/kamailio/kamailio/commit/0666abf851bc5916b7700a30077ee954f695b862.patch
---
diff --git a/src/modules/uac/replace.c b/src/modules/uac/replace.c
index 8da8fc7441..0b489144a7 100644
--- a/src/modules/uac/replace.c
+++ b/src/modules/uac/replace.c
@@ -568,6 +568,7 @@ int restore_uri( struct sip_msg *msg, str *rr_param, str* restore_avp,
int i;
int_str avp_value;
int flag;
+ int bsize;
/* we should process only sequential request, but since we are looking
* for Route param, the test is not really required -bogdan */
@@ -589,15 +590,20 @@ int restore_uri( struct sip_msg *msg, str *rr_param, str* restore_avp,
goto failed;
}
- add_to_rr.s = pkg_malloc(3+rr_param->len+param_val.len);
+ bsize = 3+rr_param->len+param_val.len;
+ add_to_rr.s = pkg_malloc(bsize);
if ( add_to_rr.s==0 ) {
add_to_rr.len = 0;
LM_ERR("no more pkg mem\n");
goto failed;
}
- add_to_rr.len = sprintf(add_to_rr.s, ";%.*s=%.*s",
+ add_to_rr.len = snprintf(add_to_rr.s, bsize, ";%.*s=%.*s",
rr_param->len, rr_param->s, param_val.len, param_val.s);
+ if(add_to_rr.len<0 || add_to_rr.len>=bsize) {
+ LM_ERR("printing rr param failed\n");
+ goto failed;
+ }
if ( uac_rrb.add_rr_param(msg, &add_to_rr)!=0 ) {
LM_ERR("add rr param failed\n");
goto failed;
More information about the sr-dev
mailing list