mirror of
https://github.com/asterisk/asterisk.git
synced 2026-07-06 23:02:55 -07:00
Iostreams: Correct off-by-one error.
ast_iostream_printf() attempts first to use a fixed-size buffer to perform its printf-like operation. If the fixed-size buffer is too small, then a heap allocation is used instead. The heap allocation in this case was exactly the length of the string to print. The issue here is that the ensuing call to vsnprintf() will print a NULL byte in the final space of the string. This meant that the final character was being chopped off the string and replaced with a NULL byte. For HTTP in particular, this caused problems because HTTP publishes the expected Contact-Length. This meant HTTP was publishing a length one character larger than what was actually present in the message. This patch corrects the issue by adding one to the allocation length. ASTERISK-26629 Reported by Joshua Colp Change-Id: Ib3c5f41e96833d0415cf000656ac368168add639
This commit is contained in:
+8
-5
@@ -404,7 +404,7 @@ ssize_t ast_iostream_write(struct ast_iostream *stream, const void *buf, size_t
|
||||
|
||||
ssize_t ast_iostream_printf(struct ast_iostream *stream, const void *fmt, ...)
|
||||
{
|
||||
char sbuf[256], *buf = sbuf;
|
||||
char sbuf[512], *buf = sbuf;
|
||||
int len, len2, ret = -1;
|
||||
va_list va;
|
||||
|
||||
@@ -412,15 +412,18 @@ ssize_t ast_iostream_printf(struct ast_iostream *stream, const void *fmt, ...)
|
||||
len = vsnprintf(buf, sizeof(sbuf), fmt, va);
|
||||
va_end(va);
|
||||
|
||||
if (len > sizeof(sbuf)) {
|
||||
buf = ast_malloc(len);
|
||||
if (len > sizeof(sbuf) - 1) {
|
||||
/* Add one to the string length to accommodate the NULL byte */
|
||||
size_t buf_len = len + 1;
|
||||
|
||||
buf = ast_malloc(buf_len);
|
||||
if (!buf) {
|
||||
return -1;
|
||||
}
|
||||
va_start(va, fmt);
|
||||
len2 = vsnprintf(buf, len, fmt, va);
|
||||
len2 = vsnprintf(buf, buf_len, fmt, va);
|
||||
va_end(va);
|
||||
if (len2 > len) {
|
||||
if (len2 != len) {
|
||||
goto error;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user