Merged revisions 59182 via svnmerge from

https://origsvn.digium.com/svn/asterisk/branches/1.4

........
r59182 | kpfleming | 2007-03-22 16:40:01 -0700 (Thu, 22 Mar 2007) | 2 lines

don't allow string input to overrun the buffer to hold it (ASA-2007-010)

........

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@59183 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index 07e5099..9345a33 100644 (file)
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -5494,15 +5494,15 @@ static int process_sdp(struct sip_pvt *p, struct sip_request *req)
                                        ast_log(LOG_DEBUG, "Transcoding JBIG: %d\n",x);
                                if (x == 1)
                                        peert38capability |= T38FAX_TRANSCODING_JBIG;
-                       } else if ((sscanf(a, "T38FaxRateManagement:%s", s) == 1)) {
+                       } else if ((sscanf(a, "T38FaxRateManagement:%255s", s) == 1)) {
                                found = 1;
                                if (option_debug > 2)
-                                       ast_log(LOG_DEBUG, "RateMangement: %s\n", s);
+                                       ast_log(LOG_DEBUG, "RateManagement: %s\n", s);
                                if (!strcasecmp(s, "localTCF"))
                                        peert38capability |= T38FAX_RATE_MANAGEMENT_LOCAL_TCF;
                                else if (!strcasecmp(s, "transferredTCF"))
                                        peert38capability |= T38FAX_RATE_MANAGEMENT_TRANSFERED_TCF;
-                       } else if ((sscanf(a, "T38FaxUdpEC:%s", s) == 1)) {
+                       } else if ((sscanf(a, "T38FaxUdpEC:%255s", s) == 1)) {
                                found = 1;
                                if (option_debug > 2)
                                        ast_log(LOG_DEBUG, "UDP EC: %s\n", s);