From c8029653436fbfd694b0d199cfcd988c296fe3d8 Mon Sep 17 00:00:00 2001 From: Corey Farrell Date: Mon, 27 Mar 2017 10:03:49 -0400 Subject: [PATCH] CDR: Protect from data overflow in ast_cdr_setuserfield. ast_cdr_setuserfield writes to a fixed length field without using strcpy. This could result in a buffer overrun when called form chan_sip or func_cdr. ASTERISK-26545 #close Change-Id: Ib23ca77e9b9e2803a450e1206af45df2d2fdf65c --- main/cdr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main/cdr.c b/main/cdr.c index 2d2f51b..e09efe2 100644 --- a/main/cdr.c +++ b/main/cdr.c @@ -3254,7 +3254,7 @@ void ast_cdr_setuserfield(const char *channel_name, const char *userfield) if (it_cdr->fn_table == &finalized_state_fn_table && it_cdr->next != NULL) { continue; } - strcpy(it_cdr->party_a.userfield, userfield); + ast_copy_string(it_cdr->party_a.userfield, userfield, AST_MAX_USER_FIELD); } ao2_unlock(cdr); } -- 2.9.3