From c8029653436fbfd694b0d199cfcd988c296fe3d8 Mon Sep 17 00:00:00 2001
From: Corey Farrell <git@cfware.com>
Date: Mon, 27 Mar 2017 10:03:49 -0400
Subject: [PATCH] CDR: Protect from data overflow in ast_cdr_setuserfield.

ast_cdr_setuserfield writes to a fixed length field without using
strcpy.  This could result in a buffer overrun when called form chan_sip
or func_cdr.

ASTERISK-26545 #close

Change-Id: Ib23ca77e9b9e2803a450e1206af45df2d2fdf65c
---
 main/cdr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/main/cdr.c b/main/cdr.c
index 2d2f51b..e09efe2 100644
--- a/main/cdr.c
+++ b/main/cdr.c
@@ -3254,7 +3254,7 @@ void ast_cdr_setuserfield(const char *channel_name, const char *userfield)
 			if (it_cdr->fn_table == &finalized_state_fn_table && it_cdr->next != NULL) {
 				continue;
 			}
-			strcpy(it_cdr->party_a.userfield, userfield);
+			ast_copy_string(it_cdr->party_a.userfield, userfield, AST_MAX_USER_FIELD);
 		}
 		ao2_unlock(cdr);
 	}
-- 
2.9.3