Fix a variety of potential buffer overflows
[asterisk/asterisk.git] / channels / chan_unistim.c
index 411d8f4..084df9f 100644 (file)
@@ -4089,7 +4089,7 @@ static void key_main_page(struct unistimsession *pte, char keycode)
                if (!ast_strlen_zero(pte->device->call_forward)) {
                        /* Cancel call forwarding */
                        memmove(pte->device->call_forward + 1, pte->device->call_forward,
-                                       sizeof(pte->device->call_forward));
+                                       sizeof(pte->device->call_forward) - 1);
                        pte->device->call_forward[0] = '\0';
                        send_icon(TEXT_LINE0, FAV_ICON_NONE, pte);
                        pte->device->output = OUTPUT_HANDSET;   /* Seems to be reseted somewhere */
@@ -6113,7 +6113,7 @@ static int parse_bookmark(const char *text, struct unistim_device *d)
                        ast_log(LOG_WARNING, "Invalid position %d for bookmark : already used\n:", p);
                        return 0;
                }
-               memmove(line, line + 2, sizeof(line));
+               memmove(line, line + 2, sizeof(line) - 2);
        } else {
                /* No position specified, looking for a free slot */
                for (p = 0; p <= 5; p++) {