res_pjsip_registrar.c: Prevent possible buffer overflow with domain aliases

We're appropriately sizing the id_domain_alias buffer, but then copying the data into the id_domain one. We were then using the uninitialized id_domain_alias buffer we just allocated. This is ASTERISK~28641 adjacent, but significant enough to warrant its own patch. Change-Id: I81c38724d18deab8c6573153e2b99dbb6e2f33d9

res_pjsip_registrar.c: Prevent possible buffer overflow with domain aliases
0183e2bc · Sean Bright · c1ad1ea3 · 0183e2bc
Commit 0183e2bc authored 5 years ago by Sean Bright
--- a/res/res_pjsip_registrar.c
+++ b/res/res_pjsip_registrar.c
@@ -975,7 +975,7 @@ static char *find_aor_name(const char *username, const char *domain, const char
 	if (alias) {
 		char *id_domain_alias = ast_alloca(strlen(username) + strlen(alias->domain) + 2);

-		sprintf(id_domain, "%s@%s", username, alias->domain);
+		sprintf(id_domain_alias, "%s@%s", username, alias->domain);
 		ao2_cleanup(alias);

 		configured_aors = strcpy(aors_buf, aors);/* Safe */