From 6068c49f486f546bcb08102223fd79e49f2e0172 Mon Sep 17 00:00:00 2001 From: Yann Diorcet Date: Tue, 20 Mar 2012 11:53:02 +0100 Subject: [PATCH] Avoid buffer overflow in console commands --- console/commands.c | 10 +++++----- coreapi/TunnelManager.cc | 2 +- coreapi/callbacks.c | 1 + coreapi/linphonecore.c | 4 ++++ coreapi/linphonecore.h | 1 + mediastreamer2 | 2 +- oRTP | 2 +- 7 files changed, 14 insertions(+), 8 deletions(-) diff --git a/console/commands.c b/console/commands.c index bccb09c8..776d2b26 100644 --- a/console/commands.c +++ b/console/commands.c @@ -640,7 +640,7 @@ lpc_cmd_transfer(LinphoneCore *lc, char *args) char arg1[256]={0}; char arg2[266]={0}; long id2=0; - int n=sscanf(args,"%s %s %li",arg1,arg2,&id2); + int n=sscanf(args,"%255s %265s %li",arg1,arg2,&id2); if (n==1 || isalpha(*arg1)){ call=linphone_core_get_current_call(lc); if (call==NULL && ms_list_size(linphone_core_get_calls(lc))==1){ @@ -1898,7 +1898,7 @@ static int lpc_cmd_register(LinphoneCore *lc, char *args){ return 1; } passwd[0]=proxy[0]=identity[0]='\0'; - sscanf(args,"%s %s %s",identity,proxy,passwd); + sscanf(args,"%511s %511s %511s",identity,proxy,passwd); if (proxy[0]=='\0' || identity[0]=='\0'){ linphonec_out("Missing parameters, see help register\n"); return 1; @@ -2054,7 +2054,7 @@ static int lpc_cmd_param(LinphoneCore *lc, char *args) if (args == NULL) { return 0; } - switch (sscanf(args,"%s %s %s",section,param,value)) { + switch (sscanf(args,"%19s %19s %49s",section,param,value)) { // case 1 might show all current settings under a section case 2: string = lp_config_get_string(linphone_core_get_config(lc), section, param, "(undef)"); @@ -2086,7 +2086,7 @@ static int lpc_cmd_speak(LinphoneCore *lc, char *args){ if (!args) return 0; memset(voice,0,sizeof(voice)); - sscanf(args,"%s63",voice); + sscanf(args,"%63s",voice); sentence=args+strlen(voice); wavfile=tempnam("/tmp/","linphonec-espeak-"); snprintf(cl,sizeof(cl),"espeak -v %s -s 100 -w %s --stdin",voice,wavfile); @@ -2337,7 +2337,7 @@ static int _lpc_cmd_video_window(LinphoneCore *lc, char *args, bool_t is_preview VideoParams *params=is_preview ? &lpc_preview_params : &lpc_video_params; if (!args) return 0; - err=sscanf(args,"%s %i %i",subcommand,&a,&b); + err=sscanf(args,"%63s %i %i",subcommand,&a,&b); if (err>=1){ if (strcmp(subcommand,"pos")==0){ if (err<3) return 0; diff --git a/coreapi/TunnelManager.cc b/coreapi/TunnelManager.cc index 5eb93b7f..b8f1dae4 100644 --- a/coreapi/TunnelManager.cc +++ b/coreapi/TunnelManager.cc @@ -162,7 +162,7 @@ void TunnelManager::start() { if (!mTunnelClient) { mTunnelClient = new TunnelClient(); mTunnelClient->setCallback((StateCallback)tunnelCallback,this); - std::list::iterator it; + list::iterator it; for(it=mServerAddrs.begin();it!=mServerAddrs.end();++it){ const ServerAddr &addr=*it; mTunnelClient->addServer(addr.mAddr.c_str(), addr.mPort); diff --git a/coreapi/callbacks.c b/coreapi/callbacks.c index 579a5336..63bff23a 100644 --- a/coreapi/callbacks.c +++ b/coreapi/callbacks.c @@ -243,6 +243,7 @@ static void call_received(SalOp *h){ if (propose_early_media || ringback_tone!=NULL){ linphone_call_set_state(call,LinphoneCallIncomingEarlyMedia,"Incoming call early media"); + md=sal_call_get_final_media_description(h); linphone_core_update_streams(lc,call,md); } if (sal_call_get_replaces(call->op)!=NULL && lp_config_get_int(lc->config,"sip","auto_answer_replacing_calls",1)){ diff --git a/coreapi/linphonecore.c b/coreapi/linphonecore.c index b5d23c38..63be1a7f 100644 --- a/coreapi/linphonecore.c +++ b/coreapi/linphonecore.c @@ -4041,6 +4041,10 @@ void *linphone_core_get_user_data(LinphoneCore *lc){ return lc->data; } +void linphone_core_set_user_data(LinphoneCore *lc, void *userdata){ + lc->data=userdata; +} + int linphone_core_get_mtu(const LinphoneCore *lc){ return lc->net_conf.mtu; } diff --git a/coreapi/linphonecore.h b/coreapi/linphonecore.h index bb4a84b0..35fa25ad 100644 --- a/coreapi/linphonecore.h +++ b/coreapi/linphonecore.h @@ -1026,6 +1026,7 @@ void linphone_core_enable_keep_alive(LinphoneCore* lc,bool_t enable); bool_t linphone_core_keep_alive_enabled(LinphoneCore* lc); void *linphone_core_get_user_data(LinphoneCore *lc); +void linphone_core_set_user_data(LinphoneCore *lc, void *userdata); /* returns LpConfig object to read/write to the config file: usefull if you wish to extend the config file with your own sections */ diff --git a/mediastreamer2 b/mediastreamer2 index 0481d7d1..902cd8d3 160000 --- a/mediastreamer2 +++ b/mediastreamer2 @@ -1 +1 @@ -Subproject commit 0481d7d11e445bf04b095f4adc6d3b76f9e86ee2 +Subproject commit 902cd8d36daef0913ac235b283668e5b3dbda515 diff --git a/oRTP b/oRTP index 3fb614e2..d62fa221 160000 --- a/oRTP +++ b/oRTP @@ -1 +1 @@ -Subproject commit 3fb614e2ed15803f2c96c223cceb5545a60f2431 +Subproject commit d62fa221ed9d373427f1fda9bdbfc301f25a5141 -- 2.39.2