Module: kamailio Branch: master Commit: 0666abf851bc5916b7700a30077ee954f695b862 URL: https://github.com/kamailio/kamailio/commit/0666abf851bc5916b7700a30077ee95… Author: Daniel-Constantin Mierla &lt;miconda(a)gmail.com&gt; Committer: Daniel-Constantin Mierla &lt;miconda(a)gmail.com&gt; Date: 2019-11-18T18:05:50+01:00 uac: use snprintf() instead of sprintf() --- Modified: src/modules/uac/replace.c --- Diff: https://github.com/kamailio/kamailio/commit/0666abf851bc5916b7700a30077ee95… Patch: https://github.com/kamailio/kamailio/commit/0666abf851bc5916b7700a30077ee95… --- diff --git a/src/modules/uac/replace.c b/src/modules/uac/replace.c index 8da8fc7441..0b489144a7 100644 --- a/src/modules/uac/replace.c +++ b/src/modules/uac/replace.c @@ -568,6 +568,7 @@ int restore_uri( struct sip_msg *msg, str *rr_param, str* restore_avp, int i; int_str avp_value; int flag; + int bsize; /* we should process only sequential request, but since we are looking * for Route param, the test is not really required -bogdan */ @@ -589,15 +590,20 @@ int restore_uri( struct sip_msg *msg, str *rr_param, str* restore_avp, goto failed; } - add_to_rr.s = pkg_malloc(3+rr_param->len+param_val.len); + bsize = 3+rr_param->len+param_val.len; + add_to_rr.s = pkg_malloc(bsize); if ( add_to_rr.s==0 ) { add_to_rr.len = 0; LM_ERR("no more pkg mem\n"); goto failed; } - add_to_rr.len = sprintf(add_to_rr.s, ";%.*s=%.*s", + add_to_rr.len = snprintf(add_to_rr.s, bsize, ";%.*s=%.*s", rr_param->len, rr_param->s, param_val.len, param_val.s); + if(add_to_rr.len<0 || add_to_rr.len>=bsize) { + LM_ERR("printing rr param failed\n"); + goto failed; + } if ( uac_rrb.add_rr_param(msg, &add_to_rr)!=0 ) { LM_ERR("add rr param failed\n"); goto failed;