AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun
authorRichard Mudgett <rmudgett@digium.com>
Tue, 3 Oct 2017 21:19:52 +0000 (16:19 -0500)
committerGeorge Joseph <gjoseph@digium.com>
Wed, 8 Nov 2017 12:41:12 +0000 (05:41 -0700)
commitb358e441cd64e8047558519f34a96a95cfe80e48
tree9f1476d799c0de7a9e3ccb91be0ed947e81b5031
parentb7f64c30e23392b5191b36fa6e16b18f575bf121
AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun

cdr_object_update_party_b_userfield_cb() could overrun the fixed buffer if
the supplied string is too long.  The long string could be supplied by
external means using the CDR(userfield) function.

This may seem reminiscent to AST-2017-001 (ASTERISK_26897) and it is.  The
earlier patch fixed the buffer overrun for Party A's userfield while this
patch fixes the same thing for Party B's userfield.

ASTERISK-27337

Change-Id: I0fa767f65ecec7e676ca465306ff9e0edbf3b652
main/cdr.c