Prevent potential buffer overflow on AMI MixMonitor command.
authorMark Michelson <mmichelson@digium.com>
Fri, 20 Jan 2012 20:26:55 +0000 (20:26 +0000)
committerMark Michelson <mmichelson@digium.com>
Fri, 20 Jan 2012 20:26:55 +0000 (20:26 +0000)
Don't be alarmed. This only affected trunk, and it would have
required manager access to your system.

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@351900 65c4cc65-6c06-0410-ace0-fbb531ad65f3

apps/app_mixmonitor.c

index b7d40f3..99dc7a4 100644 (file)
@@ -923,9 +923,7 @@ static int manager_mixmonitor(struct mansession *s, const struct message *m)
                return AMI_SUCCESS;
        }
 
-       strcpy(args, file);
-       strcat(args, ",");
-       strcat(args, options);
+       snprintf(args, sizeof(args), "%s,%s", file, options);
 
        ast_channel_lock(c);
        res = mixmonitor_exec(c, args);