-
Richard Mudgett authored
The construction of the returned string assumed incorrectly that the supplied buffer would always be initialized as an empty string. If it is not an empty string we could overrun the supplied buffer by the length of the non-empty buffer string plus one. It is also theoreticaly possible for the supplied buffer to be overrun by a string terminator during a read operation even if the supplied buffer is an empty string. * Fix the assumption that the supplied buffer would already be an empty string. The buffer is not guaranteed to contain an empty string by all possible callers. * Fix string terminator buffer overrun potential. Change-Id: If6a0806806527678c8554b1dcb34fd7808aa95c9
Richard Mudgett authoredThe construction of the returned string assumed incorrectly that the supplied buffer would always be initialized as an empty string. If it is not an empty string we could overrun the supplied buffer by the length of the non-empty buffer string plus one. It is also theoreticaly possible for the supplied buffer to be overrun by a string terminator during a read operation even if the supplied buffer is an empty string. * Fix the assumption that the supplied buffer would already be an empty string. The buffer is not guaranteed to contain an empty string by all possible callers. * Fix string terminator buffer overrun potential. Change-Id: If6a0806806527678c8554b1dcb34fd7808aa95c9
dialplan_functions.c 37.31 KiB