Summary: | ASTERISK-03440: use snprintf instead of sprintf when filling variables..... | ||
Reporter: | Roy Sigurd Karlsbakk (rkarlsba) | Labels: | |
Date Opened: | 2005-02-06 16:36:07.000-0600 | Date Closed: | 2005-02-10 23:30:13.000-0600 |
Priority: | Trivial | Regression? | No |
Status: | Closed/Complete | Components: | Core/General |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ( 0) asterisk-addons-mysqlstuff.patch | |
Description: | in asterisk-addons, the mysql-vm-routines.h contains lots of sprintf statemensts for setting a 'char query[something]'. This is never checked by length, and could so be a security hazard. | ||
Comments: | By: Mark Spencer (markster) 2005-02-06 16:59:18.000-0600 Okay mysql-vm-routines is definitely obsolete for CVS head, so I went ahead and removed it from CVS head, and will mark it resolved for Russell to look at for CVS stable. Thanks! By: Brian West (bkw918) 2005-02-06 17:01:37.000-0600 Thanks for the patch but for clarity you need to do this: snprintf(query, sizeof(query - 1), "SELECT password,fullname,email,pager,options FROM users WHERE context='%s' AND mailbox='%s'", context, mailbox); Also is query[240] really large enough? bkw By: Russell Bryant (russell) 2005-02-06 22:48:14.000-0600 fixed with changes of sizeof blah ... to sizeof(blah) By: Roy Sigurd Karlsbakk (rkarlsba) 2005-02-07 02:04:08.000-0600 Just please don't remove it from v1-0 People are using the stuff :) thanks roy By: Mark Spencer (markster) 2005-02-07 08:43:37.000-0600 I said it was removed from CVS HEAD not from stable. By: Russell Bryant (russell) 2005-02-07 23:41:00.000-0600 The bugnote that I place while closing the bug is always in regards to what I did with the patch for stable. By: Roy Sigurd Karlsbakk (rkarlsba) 2005-02-10 22:57:04.000-0600 Changed all query[x] to query[1024] Also, the patch should say snprintf(query, sizeof(query) - 1, "SELECT password,fullname,email,pager,options FROM users WHERE context='%s' AND mailbox='%s'", context, mailbox); not snprintf(query, sizeof(query - 1), "SELECT password,fullname,email,pager,options FROM users WHERE context='%s' AND mailbox='%s'", context, mailbox); am I right? By: Russell Bryant (russell) 2005-02-10 23:30:06.000-0600 oops! I fixed the sizeof stuff. |