From d7be4318bb567c925e5d7e1827e30e4d29ac45dd Mon Sep 17 00:00:00 2001 From: "Kevin P. Fleming" Date: Wed, 8 Oct 2008 22:22:09 +0000 Subject: [PATCH] when parsing a text configuration option, ensure that the buffer on the stack is actually large enough to hold the legal values of that option, and also ensure that sscanf() knows to stop parsing if it would overrun the buffer (without these changes, specifying "buffers=...,immediate" would overflow the buffer on the stack, and could not have worked as expected) git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@147681 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- channels/chan_dahdi.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/channels/chan_dahdi.c b/channels/chan_dahdi.c index 476a24c628..60b6d2d9ff 100644 --- a/channels/chan_dahdi.c +++ b/channels/chan_dahdi.c @@ -10990,8 +10990,9 @@ static int process_dahdi(struct dahdi_chan_conf *confp, const char *cat, struct return -1; } else if (!strcasecmp(v->name, "buffers")) { int res; - char policy[8] = ""; - res = sscanf(v->value, "%d,%s", &confp->chan.buf_no, policy); + char policy[21] = ""; + + res = sscanf(v->value, "%d,%20s", &confp->chan.buf_no, policy); if (res != 2) { ast_log(LOG_WARNING, "Parsing buffers option data failed, using defaults.\n"); confp->chan.buf_no = numbufs;