Prevent crashes in res_xmpp when receiving large messages
authorMatthew Jordan <mjordan@digium.com>
Thu, 3 Jan 2013 15:37:31 +0000 (15:37 +0000)
committerMatthew Jordan <mjordan@digium.com>
Thu, 3 Jan 2013 15:37:31 +0000 (15:37 +0000)
Similar to r378287, res_xmpp was marshaling data read from an external source
onto the stack. For a sufficiently large message, this could cause a stack
overflow. This patch modifies res_xmpp in a similar fashion to res_jabber by
removing the stack allocation, as it was unnecessary.

(issue ASTERISK-20658)
Reported by: wdoekes
........

Merged revisions 378409 from http://svn.asterisk.org/svn/asterisk/branches/11

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@378410 65c4cc65-6c06-0410-ace0-fbb531ad65f3

res/res_xmpp.c

index 77369c4..d490ee5 100644 (file)
@@ -1846,7 +1846,7 @@ static int acf_jabberreceive_read(struct ast_channel *chan, const char *name, ch
 {
        RAII_VAR(struct xmpp_config *, cfg, ao2_global_obj_ref(globals), ao2_cleanup);
        RAII_VAR(struct ast_xmpp_client_config *, clientcfg, NULL, ao2_cleanup);
-       char *aux = NULL, *parse = NULL;
+       char *parse = NULL;
        int timeout, jidlen, resourcelen, found = 0;
        struct timeval start;
        long diff = 0;
@@ -1960,7 +1960,7 @@ static int acf_jabberreceive_read(struct ast_channel *chan, const char *name, ch
                                continue;
                        }
                        found = 1;
-                       aux = ast_strdupa(message->message);
+                       ast_copy_string(buf, message->message, buflen);
                        AST_LIST_REMOVE_CURRENT(list);
                        xmpp_message_destroy(message);
                        break;
@@ -1984,7 +1984,6 @@ static int acf_jabberreceive_read(struct ast_channel *chan, const char *name, ch
                ast_log(LOG_NOTICE, "Timed out : no message received from %s\n", args.jid);
                return -1;
        }
-       ast_copy_string(buf, aux, buflen);
 
        return 0;
 }