Avoid buffer overflow in console commands

diff --git a/console/commands.c b/console/commands.c
index bccb09c8102987244158e29237dc544394c0022c..776d2b2609e4e1b59a8653259391f36ad342ee7d 100644 (file)
--- a/console/commands.c
+++ b/console/commands.c
@@ -640,7 +640,7 @@ lpc_cmd_transfer(LinphoneCore *lc, char *args)
                char arg1[256]={0};
                char arg2[266]={0};
                long id2=0;
-               int n=sscanf(args,"%s %s %li",arg1,arg2,&id2);
+               int n=sscanf(args,"%255s %265s %li",arg1,arg2,&id2);
                if (n==1 || isalpha(*arg1)){
                        call=linphone_core_get_current_call(lc);
                        if (call==NULL && ms_list_size(linphone_core_get_calls(lc))==1){
@@ -1898,7 +1898,7 @@ static int lpc_cmd_register(LinphoneCore *lc, char *args){
                return 1;
        }
        passwd[0]=proxy[0]=identity[0]='\0';
-       sscanf(args,"%s %s %s",identity,proxy,passwd);
+       sscanf(args,"%511s %511s %511s",identity,proxy,passwd);
        if (proxy[0]=='\0' || identity[0]=='\0'){
                linphonec_out("Missing parameters, see help register\n");
                return 1;
@@ -2054,7 +2054,7 @@ static int lpc_cmd_param(LinphoneCore *lc, char *args)
        if (args == NULL) {
                return 0;
        }
-       switch (sscanf(args,"%s %s %s",section,param,value)) {
+       switch (sscanf(args,"%19s %19s %49s",section,param,value)) {
                // case 1 might show all current settings under a section
                case 2:
                        string = lp_config_get_string(linphone_core_get_config(lc), section, param, "(undef)");
@@ -2086,7 +2086,7 @@ static int lpc_cmd_speak(LinphoneCore *lc, char *args){
        
     if (!args) return 0;
        memset(voice,0,sizeof(voice));
-       sscanf(args,"%s63",voice);
+       sscanf(args,"%63s",voice);
        sentence=args+strlen(voice);
        wavfile=tempnam("/tmp/","linphonec-espeak-");
        snprintf(cl,sizeof(cl),"espeak -v %s -s 100 -w %s --stdin",voice,wavfile);
@@ -2337,7 +2337,7 @@ static int _lpc_cmd_video_window(LinphoneCore *lc, char *args, bool_t is_preview
        VideoParams *params=is_preview ? &lpc_preview_params : &lpc_video_params;
 
        if (!args) return 0;
-       err=sscanf(args,"%s %i %i",subcommand,&a,&b);
+       err=sscanf(args,"%63s %i %i",subcommand,&a,&b);
        if (err>=1){
                if (strcmp(subcommand,"pos")==0){
                        if (err<3) return 0;

diff --git a/coreapi/TunnelManager.cc b/coreapi/TunnelManager.cc
index 5eb93b7f1f6b4f8c802f5564d61f29343ccab982..b8f1dae4890e4ca453c435d1bbf964cc3931218c 100644 (file)
--- a/coreapi/TunnelManager.cc
+++ b/coreapi/TunnelManager.cc
@@ -162,7 +162,7 @@ void TunnelManager::start() {
        if (!mTunnelClient) {
                mTunnelClient = new TunnelClient();
                mTunnelClient->setCallback((StateCallback)tunnelCallback,this);
-               std::list<ServerAddr>::iterator it;
+               list<ServerAddr>::iterator it;
                for(it=mServerAddrs.begin();it!=mServerAddrs.end();++it){
                        const ServerAddr &addr=*it;
                        mTunnelClient->addServer(addr.mAddr.c_str(), addr.mPort);

diff --git a/coreapi/callbacks.c b/coreapi/callbacks.c
index 579a5336a14f9cf8daba76dbf1d89b6582a1761f..63bff23a9059e781a77376ab22deb5c834d8024a 100644 (file)
--- a/coreapi/callbacks.c
+++ b/coreapi/callbacks.c
@@ -243,6 +243,7 @@ static void call_received(SalOp *h){
 
                if (propose_early_media || ringback_tone!=NULL){
                        linphone_call_set_state(call,LinphoneCallIncomingEarlyMedia,"Incoming call early media");
+                       md=sal_call_get_final_media_description(h);
                        linphone_core_update_streams(lc,call,md);
                }
                if (sal_call_get_replaces(call->op)!=NULL && lp_config_get_int(lc->config,"sip","auto_answer_replacing_calls",1)){

diff --git a/coreapi/linphonecore.c b/coreapi/linphonecore.c
index b5d23c382c4e926a7708988ab63e86ec379ff24a..63be1a7fcfe90a893c6a2064fa68367144b3b180 100644 (file)
--- a/coreapi/linphonecore.c
+++ b/coreapi/linphonecore.c
@@ -4041,6 +4041,10 @@ void *linphone_core_get_user_data(LinphoneCore *lc){
        return lc->data;
 }
 
+void linphone_core_set_user_data(LinphoneCore *lc, void *userdata){
+       lc->data=userdata;
+}
+
 int linphone_core_get_mtu(const LinphoneCore *lc){
        return lc->net_conf.mtu;
 }

diff --git a/coreapi/linphonecore.h b/coreapi/linphonecore.h
index bb4a84b0ba6981490d65bbad5d28955cd85f341b..35fa25ad3442c80ff71d5704d212eb46570b0c9a 100644 (file)
--- a/coreapi/linphonecore.h
+++ b/coreapi/linphonecore.h
@@ -1026,6 +1026,7 @@ void linphone_core_enable_keep_alive(LinphoneCore* lc,bool_t enable);
 bool_t linphone_core_keep_alive_enabled(LinphoneCore* lc);
 
 void *linphone_core_get_user_data(LinphoneCore *lc);
+void linphone_core_set_user_data(LinphoneCore *lc, void *userdata);
 
 /* returns LpConfig object to read/write to the config file: usefull if you wish to extend
 the config file with your own sections */

diff --git a/mediastreamer2 b/mediastreamer2
index 0481d7d11e445bf04b095f4adc6d3b76f9e86ee2..902cd8d36daef0913ac235b283668e5b3dbda515 160000 (submodule)
--- a/mediastreamer2
+++ b/mediastreamer2
@@ -1 +1 @@
-Subproject commit 0481d7d11e445bf04b095f4adc6d3b76f9e86ee2
+Subproject commit 902cd8d36daef0913ac235b283668e5b3dbda515

diff --git a/oRTP b/oRTP
index 3fb614e2ed15803f2c96c223cceb5545a60f2431..d62fa221ed9d373427f1fda9bdbfc301f25a5141 160000 (submodule)
--- a/oRTP
+++ b/oRTP
@@ -1 +1 @@
-Subproject commit 3fb614e2ed15803f2c96c223cceb5545a60f2431
+Subproject commit d62fa221ed9d373427f1fda9bdbfc301f25a5141