[sr-dev] git:master:0666abf8: uac: use snprintf() instead of sprintf()

Daniel-Constantin Mierla miconda at gmail.com
Mon Nov 18 18:06:14 CET 2019


Module: kamailio
Branch: master
Commit: 0666abf851bc5916b7700a30077ee954f695b862
URL: https://github.com/kamailio/kamailio/commit/0666abf851bc5916b7700a30077ee954f695b862

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2019-11-18T18:05:50+01:00

uac: use snprintf() instead of sprintf()

---

Modified: src/modules/uac/replace.c

---

Diff:  https://github.com/kamailio/kamailio/commit/0666abf851bc5916b7700a30077ee954f695b862.diff
Patch: https://github.com/kamailio/kamailio/commit/0666abf851bc5916b7700a30077ee954f695b862.patch

---

diff --git a/src/modules/uac/replace.c b/src/modules/uac/replace.c
index 8da8fc7441..0b489144a7 100644
--- a/src/modules/uac/replace.c
+++ b/src/modules/uac/replace.c
@@ -568,6 +568,7 @@ int restore_uri( struct sip_msg *msg, str *rr_param, str* restore_avp,
 	int i;
 	int_str avp_value;
 	int flag;
+	int bsize;
 
 	/* we should process only sequential request, but since we are looking
 	 * for Route param, the test is not really required -bogdan */
@@ -589,15 +590,20 @@ int restore_uri( struct sip_msg *msg, str *rr_param, str* restore_avp,
 		goto failed;
 	}
 
-	add_to_rr.s = pkg_malloc(3+rr_param->len+param_val.len);
+	bsize = 3+rr_param->len+param_val.len;
+	add_to_rr.s = pkg_malloc(bsize);
 	if ( add_to_rr.s==0 ) {
 		add_to_rr.len = 0;
 		LM_ERR("no more pkg mem\n");
 		goto failed;
 	}
-	add_to_rr.len = sprintf(add_to_rr.s, ";%.*s=%.*s",
+	add_to_rr.len = snprintf(add_to_rr.s, bsize, ";%.*s=%.*s",
 			rr_param->len, rr_param->s, param_val.len, param_val.s);
 
+	if(add_to_rr.len<0 || add_to_rr.len>=bsize) {
+		LM_ERR("printing rr param failed\n");
+		goto failed;
+	}
 	if ( uac_rrb.add_rr_param(msg, &add_to_rr)!=0 ) {
 		LM_ERR("add rr param failed\n");
 		goto failed;
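Review bot: The new error branch after snprintf() jumps to `failed` with add_to_rr.len still holding the rejected return value (negative or >= bsize), whereas the allocation-failure branch just above resets it to 0 before taking the same jump. The `failed:` label and the rest of restore_uri() are outside this hunk, so it is not visible whether that path reads add_to_rr.len or releases add_to_rr.s. If it does either, add `add_to_rr.len = 0;` before the new `goto failed;` and confirm the buffer from pkg_malloc() is freed on that path. The bsize line would also benefit from a comment such as `/* ';' + '=' + terminating NUL */`, because the bound is only right while the constant 3 stays in step with the format string.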



