Merged revisions 84370 via svnmerge from

https://origsvn.digium.com/svn/asterisk/branches/1.4

........
r84370 | russell | 2007-10-02 09:12:35 -0500 (Tue, 02 Oct 2007) | 6 lines

Use snprintf instead of sprintf in one place.  There is no vulnerability here
due to various buffer sizes around the code, but I still didn't like seeing a
non length-limited copy of data coming off of the wire into a stack buffer, as
this would be a problem in the future if buffer sizes elsewhere got changed or
size limitations removed ...

........

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@84371 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index 2bd516b..5a99df4 100644 (file)
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -7737,7 +7737,7 @@ static int transmit_invite(struct sip_pvt *p, int sipmethod, int sdp, int init)
                        if (!ast_strlen_zero(p->refer->refer_to))
                                add_header(&req, "Refer-To", p->refer->refer_to);
                        if (!ast_strlen_zero(p->refer->referred_by)) {
-                               sprintf(buf, "%s <%s>", p->refer->referred_by_name, p->refer->referred_by);
+                               snprintf(buf, sizeof(buf), "%s <%s>", p->refer->referred_by_name, p->refer->referred_by);
                                add_header(&req, "Referred-By", buf);
                        }
                }