[sr-dev] git:master:f2796ceb: dialog: increase puid size for profile to ensure null termination

Module: kamailio Branch: master Commit: f2796ceb0a127c1a6580a9d9582ec9bc0fba6081 URL: https://github.com/kamailio/kamailio/commit/f2796ceb0a127c1a6580a9d9582ec9b… Author: Daniel-Constantin Mierla &lt;miconda(a)gmail.com&gt; Committer: Daniel-Constantin Mierla &lt;miconda(a)gmail.com&gt; Date: 2017-07-21T08:55:04+02:00 dialog: increase puid size for profile to ensure null termination --- Modified: src/modules/dialog/dlg_profile.c Modified: src/modules/dialog/dlg_profile.h Modified: src/modules/dialog/dlg_req_within.c --- Diff: https://github.com/kamailio/kamailio/commit/f2796ceb0a127c1a6580a9d9582ec9b… Patch: https://github.com/kamailio/kamailio/commit/f2796ceb0a127c1a6580a9d9582ec9b… --- diff --git a/src/modules/dialog/dlg_profile.c b/src/modules/dialog/dlg_profile.c index 3576f68036..89d994616b 100644 --- a/src/modules/dialog/dlg_profile.c +++ b/src/modules/dialog/dlg_profile.c @@ -667,7 +667,7 @@ int dlg_add_profile(dlg_cell_t *dlg, str *value, struct dlg_profile_table *profi } if(puid && puid->s && puid->len>0) { if(puid->len<SRUID_SIZE) { - strcpy(linker->hash_linker.puid, puid->s); + memcpy(linker->hash_linker.puid, puid->s, puid->len); linker->hash_linker.puid_len = puid->len; } else { LM_ERR("puid size is too large\n"); @@ -677,7 +677,8 @@ int dlg_add_profile(dlg_cell_t *dlg, str *value, struct dlg_profile_table *profi } else { sruid_next_safe(&_dlg_profile_sruid); if(_dlg_profile_sruid.uid.len<SRUID_SIZE) { - strcpy(linker->hash_linker.puid, _dlg_profile_sruid.uid.s); + memcpy(linker->hash_linker.puid, _dlg_profile_sruid.uid.s, + _dlg_profile_sruid.uid.len); linker->hash_linker.puid_len = _dlg_profile_sruid.uid.len; } else { LM_ERR("sruid size is too large\n"); diff --git a/src/modules/dialog/dlg_profile.h b/src/modules/dialog/dlg_profile.h index 3d6c94d6d4..5c09dd6083 100644 --- a/src/modules/dialog/dlg_profile.h +++ b/src/modules/dialog/dlg_profile.h @@ -54,7 +54,7 @@ typedef struct dlg_profile_hash { str value; /*!< hash value */ struct dlg_cell *dlg; /*!< dialog cell */ - char puid[SRUID_SIZE]; + char puid[SRUID_SIZE+2]; int puid_len; time_t expires; int flags; diff --git a/src/modules/dialog/dlg_req_within.c b/src/modules/dialog/dlg_req_within.c index a67b976137..d37bbbf514 100644 --- a/src/modules/dialog/dlg_req_within.c +++ b/src/modules/dialog/dlg_req_within.c @@ -406,7 +406,7 @@ static inline int send_bye(struct dlg_cell * cell, int dir, str *hdrs) dlg_lreq_callee_headers.len); lhdrs.len += dlg_lreq_callee_headers.len; if(dlg_lreq_callee_headers.s[dlg_lreq_callee_headers.len-1]!='\n') { - strncpy(lhdrs.s+lhdrs.len, CRLF, CRLF_LEN); + memcpy(lhdrs.s+lhdrs.len, CRLF, CRLF_LEN); lhdrs.len += CRLF_LEN; } }