dialog: increase puid size for profile to ensure null termination
authorDaniel-Constantin Mierla <miconda@gmail.com>
Fri, 21 Jul 2017 06:55:04 +0000 (08:55 +0200)
committerDaniel-Constantin Mierla <miconda@gmail.com>
Fri, 21 Jul 2017 06:55:04 +0000 (08:55 +0200)
src/modules/dialog/dlg_profile.c
src/modules/dialog/dlg_profile.h
src/modules/dialog/dlg_req_within.c

index 3576f68..89d9946 100644 (file)
@@ -667,7 +667,7 @@ int dlg_add_profile(dlg_cell_t *dlg, str *value, struct dlg_profile_table *profi
        }
        if(puid && puid->s && puid->len>0) {
                if(puid->len<SRUID_SIZE) {
-                       strcpy(linker->hash_linker.puid, puid->s);
+                       memcpy(linker->hash_linker.puid, puid->s, puid->len);
                        linker->hash_linker.puid_len = puid->len;
                } else {
                        LM_ERR("puid size is too large\n");
@@ -677,7 +677,8 @@ int dlg_add_profile(dlg_cell_t *dlg, str *value, struct dlg_profile_table *profi
        } else {
                sruid_next_safe(&_dlg_profile_sruid);
                if(_dlg_profile_sruid.uid.len<SRUID_SIZE) {
-                       strcpy(linker->hash_linker.puid, _dlg_profile_sruid.uid.s);
+                       memcpy(linker->hash_linker.puid, _dlg_profile_sruid.uid.s,
+                                       _dlg_profile_sruid.uid.len);
                        linker->hash_linker.puid_len = _dlg_profile_sruid.uid.len;
                } else {
                        LM_ERR("sruid size is too large\n");
index 3d6c94d..5c09dd6 100644 (file)
@@ -54,7 +54,7 @@
 typedef struct dlg_profile_hash {
        str value; /*!< hash value */
        struct dlg_cell *dlg; /*!< dialog cell */
-       char puid[SRUID_SIZE];
+       char puid[SRUID_SIZE+2];
        int puid_len;
        time_t expires;
        int flags;
index a67b976..d37bbbf 100644 (file)
@@ -406,7 +406,7 @@ static inline int send_bye(struct dlg_cell * cell, int dir, str *hdrs)
                                dlg_lreq_callee_headers.len);
                lhdrs.len += dlg_lreq_callee_headers.len;
                if(dlg_lreq_callee_headers.s[dlg_lreq_callee_headers.len-1]!='\n') {
-                       strncpy(lhdrs.s+lhdrs.len, CRLF, CRLF_LEN);
+                       memcpy(lhdrs.s+lhdrs.len, CRLF, CRLF_LEN);
                        lhdrs.len += CRLF_LEN;
                }
        }