Module: kamailio Branch: master Commit: 1c164473c6fd78318236254827a4cadbe8271463 URL: https://github.com/kamailio/kamailio/commit/1c164473c6fd78318236254827a4cadb...
Author: Chris Double chris.double@double.co.nz Committer: Chris Double chris.double@double.co.nz Date: 2015-09-23T22:03:47+12:00
htable: Fix buffer overrun in htable_rpc_list
- Fix for using wrong len variable in htable_rpc_list if ht->dbtable.len is greater than 127, causing an out of bounds write.
---
Modified: modules/htable/htable.c
---
Diff: https://github.com/kamailio/kamailio/commit/1c164473c6fd78318236254827a4cadb... Patch: https://github.com/kamailio/kamailio/commit/1c164473c6fd78318236254827a4cadb...
---
diff --git a/modules/htable/htable.c b/modules/htable/htable.c index c6e2250..8339e41 100644 --- a/modules/htable/htable.c +++ b/modules/htable/htable.c @@ -1044,7 +1044,7 @@ static void htable_rpc_list(rpc_t* rpc, void* c) if (ht->dbtable.len > 0) { len = ht->dbtable.len > 127 ? 127 : ht->dbtable.len; memcpy(dbname, ht->dbtable.s, len); - dbname[ht->dbtable.len] = '\0'; + dbname[len] = '\0'; } else { dbname[0] = '\0'; }
-
Chris Double