From 11a8218db06d8d90be92ec4347a5bdfa1043a706 Mon Sep 17 00:00:00 2001
From: Michael Jerris
Date: Wed, 14 Feb 2007 03:45:10 +0000
Subject: [PATCH] potential format string exploits (warning: format not a string literal and no format arguments)
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@4254 d0543943-73ff-0310-b7d9-9358b9ac24b2
---
 src/mod/applications/mod_conference/mod_conference.c | 2 +-
 src/mod/endpoints/mod_dingaling/mod_dingaling.c | 4 ++--
 src/mod/endpoints/mod_sofia/mod_sofia.c | 2 +-
 src/mod/event_handlers/mod_event_socket/mod_event_socket.c | 4 ++--
 src/switch_ivr.c | 4 ++--
 5 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/mod/applications/mod_conference/mod_conference.c b/src/mod/applications/mod_conference/mod_conference.c
index ca1bb24e14..22b651dd2a 100644
--- a/src/mod/applications/mod_conference/mod_conference.c
+++ b/src/mod/applications/mod_conference/mod_conference.c
@@ -2466,7 +2466,7 @@ static switch_status_t conf_api_sub_dtmf(conference_member_t *member, switch_str
 switch_event_add_header(event, SWITCH_STACK_BOTTOM, "Conference-Name", "%s", member->conference->name);
 switch_event_add_header(event, SWITCH_STACK_BOTTOM, "Member-ID", "%u", member->id);
 switch_event_add_header(event, SWITCH_STACK_BOTTOM, "Action", "dtmf-member");
- switch_event_add_header(event, SWITCH_STACK_BOTTOM, "Digits", dtmf);
+ switch_event_add_header(event, SWITCH_STACK_BOTTOM, "Digits", "%s", dtmf);
 switch_event_fire(&event);
 }
diff --git a/src/mod/endpoints/mod_dingaling/mod_dingaling.c b/src/mod/endpoints/mod_dingaling/mod_dingaling.c
index f096f792ba..f5fd291987 100644
--- a/src/mod/endpoints/mod_dingaling/mod_dingaling.c
+++ b/src/mod/endpoints/mod_dingaling/mod_dingaling.c
@@ -628,7 +628,7 @@ static void dl_logger(char *file, const char *func, int line, int level, char *f
 va_start(ap, fmt);
 vsnprintf(data, sizeof(data), fmt, ap);
- switch_log_printf(SWITCH_CHANNEL_ID_LOG, file, func, line, SWITCH_LOG_DEBUG, data);
+ switch_log_printf(SWITCH_CHANNEL_ID_LOG, file, func, line, SWITCH_LOG_DEBUG, "%s", data);
 va_end(ap);
 }
@@ -2427,7 +2427,7 @@ static ldl_status handle_signalling(ldl_handle_t *handle, ldl_session_t *dlsessi
 switch_event_add_header(event, SWITCH_STACK_BOTTOM, "to", "%s", to);
 switch_event_add_header(event, SWITCH_STACK_BOTTOM, "subject", "%s", subject);
 if (msg) {
- switch_event_add_body(event, msg);
+ switch_event_add_body(event, "%s", msg);
 }
 if (switch_core_session_queue_event(tech_pvt->session, &event) != SWITCH_STATUS_SUCCESS) {
 switch_event_add_header(event, SWITCH_STACK_BOTTOM, "delivery-failure", "true");
diff --git a/src/mod/endpoints/mod_sofia/mod_sofia.c b/src/mod/endpoints/mod_sofia/mod_sofia.c
index 8a44cbceb8..71f36ca59c 100644
--- a/src/mod/endpoints/mod_sofia/mod_sofia.c
+++ b/src/mod/endpoints/mod_sofia/mod_sofia.c
@@ -2659,7 +2659,7 @@ static void sip_i_message(int status,
 switch_event_add_header(event, SWITCH_STACK_BOTTOM, "to", "%s", to_addr);
 switch_event_add_header(event, SWITCH_STACK_BOTTOM, "subject", "SIMPLE MESSAGE");
 if (msg) {
- switch_event_add_body(event, msg);
+ switch_event_add_body(event, "%s", msg);
 }
 if (switch_core_session_queue_event(tech_pvt->session, &event) != SWITCH_STATUS_SUCCESS) {
 switch_event_add_header(event, SWITCH_STACK_BOTTOM, "delivery-failure", "true");
diff --git a/src/mod/event_handlers/mod_event_socket/mod_event_socket.c b/src/mod/event_handlers/mod_event_socket/mod_event_socket.c
index 41838182c7..7392a7a9c4 100644
--- a/src/mod/event_handlers/mod_event_socket/mod_event_socket.c
+++ b/src/mod/event_handlers/mod_event_socket/mod_event_socket.c
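Review bot: dl_logger (mod_dingaling.c) still hands its own `fmt` parameter to `vsnprintf(data, sizeof(data), fmt, ap)`, so the `"%s"` added on the switch_log_printf line closes only the second of two format sinks in this function. The signature is cut off in the hunk header and the callers are outside the hunk, so it cannot be confirmed from these lines that every caller supplies a literal format; declaring the function with `__attribute__((format(printf, 5, 6)))` (assuming fmt is the fifth parameter, as the truncated header suggests) would let the compiler check them. A one-line comment above the log call, `/* data is already formatted; it is an argument, never the format */`, would also keep the `"%s"` from being dropped in a later cleanup.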
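Review bot: Nothing visible in this patch stops the next `switch_event_add_body(event, msg)` from being written and compiled cleanly; in handle_signalling (mod_dingaling.c) msg looks like the text of an incoming message, and the same one-argument call is corrected again in sip_i_message, api_exec and speech_thread. The declarations of switch_event_add_body and switch_event_add_header are outside the diff, so if they do not already carry `__attribute__((format(printf, 2, 3)))` and `__attribute__((format(printf, 4, 5)))` respectively, adding those and building with `-Werror=format-security` would turn a regression into a build failure instead of a warning. The argument positions are inferred from the calls shown here and should be checked against the prototypes.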
@@ -550,7 +550,7 @@ static void *SWITCH_THREAD_FUNC api_exec(switch_thread_t *thread, void *obj)
 if (switch_event_create(&event, SWITCH_EVENT_BACKGROUND_JOB) == SWITCH_STATUS_SUCCESS) {
 switch_event_add_header(event, SWITCH_STACK_BOTTOM, "Job-UUID", "%s", acs->uuid_str);
- switch_event_add_body(event, reply);
+ switch_event_add_body(event, "%s", reply);
 switch_event_fire(&event);
 }
 } else {
@@ -650,7 +650,7 @@ static switch_status_t parse_command(listener_t *listener, switch_event_t *event
 }
 }
- snprintf(reply, reply_len, val);
+ snprintf(reply, reply_len, "%s", val);
 goto done;
 } else if (!strncasecmp(cmd, "myevents", 8)) {
 listener->event_list[SWITCH_EVENT_CHANNEL_CREATE] = 1;
diff --git a/src/switch_ivr.c b/src/switch_ivr.c
index 698be1c6e1..4a25b291ec 100644
--- a/src/switch_ivr.c
+++ b/src/switch_ivr.c
@@ -807,7 +807,7 @@ static void *SWITCH_THREAD_FUNC speech_thread(switch_thread_t *thread, void *obj
 if (switch_event_create(&event, SWITCH_EVENT_DETECTED_SPEECH) == SWITCH_STATUS_SUCCESS) {
 if (status == SWITCH_STATUS_SUCCESS) {
 switch_event_add_header(event, SWITCH_STACK_BOTTOM, "Speech-Type", "detected-speech");
- switch_event_add_body(event, xmlstr);
+ switch_event_add_body(event, "%s", xmlstr);
 } else {
 switch_event_add_header(event, SWITCH_STACK_BOTTOM, "Speech-Type", "begin-speaking");
 }
@@ -2518,7 +2518,7 @@ SWITCH_DECLARE(switch_status_t) switch_ivr_originate(switch_core_session_t *sess
 for (hi = switch_channel_variable_first(caller_channel, switch_core_session_get_pool(session)); hi; hi = switch_hash_next(hi)) {
 switch_hash_this(hi, &vvar, NULL, &vval);
 if (vvar && vval) {
- switch_event_add_header(var_event, SWITCH_STACK_BOTTOM, (void *)vvar, vval);
+ switch_event_add_header(var_event, SWITCH_STACK_BOTTOM, (void *)vvar, "%s", (char *)vval);
 }
 }
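Review bot: In parse_command (mod_event_socket.c) the new `snprintf(reply, reply_len, "%s", val);` passes val to `%s` with no NULL check visible in the hunk, and the return value is ignored, so a value longer than reply_len is truncated without any indication. The assignment of val lies above the hunk, so whether it can be NULL at this point cannot be confirmed from these lines; if it can, `snprintf(reply, reply_len, "%s", val ? val : "");` avoids undefined behaviour. Because this path builds a reply to a socket client, a brief comment on how truncation is meant to be handled would help the next reader.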
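Review bot: In switch_ivr_originate (switch_ivr.c) the header name is still passed as `(void *)vvar` while the value now gets an explicit `(char *)vval`, so the two casts on the same call disagree and the first one hides the pointer type from the compiler. The declarations of vvar and vval are outside the hunk, so their types are only presumed from the `switch_hash_this(hi, &vvar, NULL, &vval)` call; if the name parameter is a character pointer, `(char *)vvar, "%s", (char *)vval` states the intent on both sides. A short comment such as `/* channel variable values are data, never a format */` would explain why the `"%s"` is there. The loop's enclosing function starts and ends outside the hunk.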