|Summary:||ASTERISK-14078: [patch] Data truncated in ooh323_request because of sizeof incorrect usage|
|Reporter:||Igor Goncharovsky (igorg)||Labels:|
|Date Opened:||2009-05-06 23:35:14||Date Closed:||2009-09-08 13:25:36|
|Environment:||Attachments:||( 0) chan_ooh323_cpy_string_fix.c.v1.diff|
|Description:||On form user reported that destination passed via Dial to OOH323 channel. Issue caused by improper sizeof usage: data passed to ooh323_request is void* and not an static array.|
****** ADDITIONAL INFORMATION ******
-- Executing [7160@default:1] Dial("SIP/6073-093e0a80", "OOH323/7160") in new stack
--- ooh323_request - data 7160 format 0x2 (gsm)
--- find_peer "716"
+++ find_peer "716"
--- ooh323_new - 716
|Comments:||By: cmaj (cmaj) 2009-07-13 10:52:07|
How can this be against trunk? When chan_ooh323 was moved into addons/ it was left broken because of the underlying RTP->RTP_ENGINE changes.
By: Leif Madsen (lmadsen) 2009-08-20 14:45:05
cmaj: this issue was submitted in May, which I suspect was before that change. Anyone have any suggestions as to how I should handle this issue? Should it still be open, or is there anything that can be done here?
By: Igor Goncharovsky (igorg) 2009-09-06 01:25:10
Seems no changes from May. Problem here in using ast_copy_string with array length calculated as sizeof(data). data in this function is void*, when in others similar places sizeof taken from array with defined length.
In this situation always one byte copied, ignoring other string symbols. I have not know if it broken some functionality, but it is buggy string length anyway.
By: Igor Goncharovsky (igorg) 2009-09-06 01:30:35
It is for trunk. As for reworked channel, it is really have this bug fixed. In that part my bug duplicates it and can be closed, I think,
By: Leif Madsen (lmadsen) 2009-09-08 13:25:36
Closing per the reporter. Please reopen should this not be the case.