From 6c9f009b6d208eeb656bc19ec2e1675f755c73a9 Mon Sep 17 00:00:00 2001
From: Russell Bryant <russell@russellbryant.com>
Date: Wed, 14 Mar 2012 10:05:07 +0000
Subject: [PATCH] Fix invalid reads/writes due to incorrect sizeof().

These few places in the code used sizeof() on h_addr in struct hostent.
This is sizeof(char *).  The correct way to get the size of this address is to
use h_length.  This error would result in reads/writes of 8 bytes instead of 4
on 64-bit machines.
........

Merged revisions 359211 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 359212 from http://svn.asterisk.org/svn/asterisk/branches/10


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@359213 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 apps/app_externalivr.c | 2 +-
 channels/chan_iax2.c   | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/apps/app_externalivr.c b/apps/app_externalivr.c
index 0dee58ceaa..5a320002ba 100644
--- a/apps/app_externalivr.c
+++ b/apps/app_externalivr.c
@@ -515,7 +515,7 @@ static int app_exec(struct ast_channel *chan, const char *data)
 		ast_gethostbyname(hostname, &hp);
 		remote_address_tmp.sin_family = AF_INET;
 		remote_address_tmp.sin_port = htons(port);
-		memcpy(&remote_address_tmp.sin_addr.s_addr, hp.hp.h_addr, sizeof(hp.hp.h_addr));
+		memcpy(&remote_address_tmp.sin_addr.s_addr, hp.hp.h_addr, hp.hp.h_length);
 		ast_sockaddr_from_sin(&ivr_desc.remote_address, &remote_address_tmp);
 		if (!(ser = ast_tcptls_client_create(&ivr_desc)) || !(ser = ast_tcptls_client_start(ser))) {
 			goto exit;
diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c
index 20114a2859..a3e0cb47b3 100644
--- a/channels/chan_iax2.c
+++ b/channels/chan_iax2.c
@@ -4354,7 +4354,7 @@ static struct iax2_peer *realtime_peer(const char *peername, struct sockaddr_in
 				if (!strcasecmp(tmp->name, "host")) {
 					struct ast_hostent ahp;
 					struct hostent *hp;
-					if (!(hp = ast_gethostbyname(tmp->value, &ahp)) || (memcmp(hp->h_addr, &sin->sin_addr, sizeof(hp->h_addr)))) {
+					if (!(hp = ast_gethostbyname(tmp->value, &ahp)) || memcmp(hp->h_addr, &sin->sin_addr, hp->h_length)) {
 						/* No match */
 						ast_variables_destroy(var);
 						var = NULL;
@@ -4466,7 +4466,7 @@ static struct iax2_user *realtime_user(const char *username, struct sockaddr_in
 				if (!strcasecmp(tmp->name, "host")) {
 					struct ast_hostent ahp;
 					struct hostent *hp;
-					if (!(hp = ast_gethostbyname(tmp->value, &ahp)) || (memcmp(hp->h_addr, &sin->sin_addr, sizeof(hp->h_addr)))) {
+					if (!(hp = ast_gethostbyname(tmp->value, &ahp)) || memcmp(hp->h_addr, &sin->sin_addr, hp->h_length)) {
 						/* No match */
 						ast_variables_destroy(var);
 						var = NULL;
-- 
GitLab