[Freeswitch-svn] [commit] r4254 - in freeswitch/trunk/src: . mod/applications/mod_conference mod/endpoints/mod_dingaling mod/endpoints/mod_sofia mod/event_handlers/mod_event_socket

Freeswitch SVN mikej at freeswitch.org
Tue Feb 13 22:45:10 EST 2007 

Author: mikej
Date: Tue Feb 13 22:45:10 2007
New Revision: 4254

Modified:
   freeswitch/trunk/src/mod/applications/mod_conference/mod_conference.c
   freeswitch/trunk/src/mod/endpoints/mod_dingaling/mod_dingaling.c
   freeswitch/trunk/src/mod/endpoints/mod_sofia/mod_sofia.c
   freeswitch/trunk/src/mod/event_handlers/mod_event_socket/mod_event_socket.c
   freeswitch/trunk/src/switch_ivr.c

Log:
potential format string exploits (warning: format not a string literal and no format arguments)

Modified: freeswitch/trunk/src/mod/applications/mod_conference/mod_conference.c
==============================================================================
--- freeswitch/trunk/src/mod/applications/mod_conference/mod_conference.c	(original)
+++ freeswitch/trunk/src/mod/applications/mod_conference/mod_conference.c	Tue Feb 13 22:45:10 2007
@@ -2466,7 +2466,7 @@
         switch_event_add_header(event, SWITCH_STACK_BOTTOM, "Conference-Name", "%s", member->conference->name);
         switch_event_add_header(event, SWITCH_STACK_BOTTOM, "Member-ID", "%u", member->id);
         switch_event_add_header(event, SWITCH_STACK_BOTTOM, "Action", "dtmf-member");
-        switch_event_add_header(event, SWITCH_STACK_BOTTOM, "Digits", dtmf);
+        switch_event_add_header(event, SWITCH_STACK_BOTTOM, "Digits", "%s", dtmf);
         switch_event_fire(&event);
     }
 

Modified: freeswitch/trunk/src/mod/endpoints/mod_dingaling/mod_dingaling.c
==============================================================================
--- freeswitch/trunk/src/mod/endpoints/mod_dingaling/mod_dingaling.c	(original)
+++ freeswitch/trunk/src/mod/endpoints/mod_dingaling/mod_dingaling.c	Tue Feb 13 22:45:10 2007
@@ -628,7 +628,7 @@
 	va_start(ap, fmt);
 	
 	vsnprintf(data, sizeof(data), fmt, ap);
-	switch_log_printf(SWITCH_CHANNEL_ID_LOG, file, func, line, SWITCH_LOG_DEBUG, data);
+	switch_log_printf(SWITCH_CHANNEL_ID_LOG, file, func, line, SWITCH_LOG_DEBUG, "%s", data);
 
 	va_end(ap);
 }
@@ -2427,7 +2427,7 @@
 			switch_event_add_header(event, SWITCH_STACK_BOTTOM, "to", "%s", to);
 			switch_event_add_header(event, SWITCH_STACK_BOTTOM, "subject", "%s", subject);
 			if (msg) {
-				switch_event_add_body(event, msg);
+				switch_event_add_body(event, "%s", msg);
 			}
 			if (switch_core_session_queue_event(tech_pvt->session, &event) != SWITCH_STATUS_SUCCESS) {
 				switch_event_add_header(event, SWITCH_STACK_BOTTOM, "delivery-failure", "true");

Modified: freeswitch/trunk/src/mod/endpoints/mod_sofia/mod_sofia.c
==============================================================================
--- freeswitch/trunk/src/mod/endpoints/mod_sofia/mod_sofia.c	(original)
+++ freeswitch/trunk/src/mod/endpoints/mod_sofia/mod_sofia.c	Tue Feb 13 22:45:10 2007
@@ -2659,7 +2659,7 @@
 					switch_event_add_header(event, SWITCH_STACK_BOTTOM, "to", "%s", to_addr);
 					switch_event_add_header(event, SWITCH_STACK_BOTTOM, "subject", "SIMPLE MESSAGE");
 					if (msg) {
-						switch_event_add_body(event, msg);
+						switch_event_add_body(event, "%s", msg);
 					}
 					if (switch_core_session_queue_event(tech_pvt->session, &event) != SWITCH_STATUS_SUCCESS) {
 						switch_event_add_header(event, SWITCH_STACK_BOTTOM, "delivery-failure", "true");

Modified: freeswitch/trunk/src/mod/event_handlers/mod_event_socket/mod_event_socket.c
==============================================================================
--- freeswitch/trunk/src/mod/event_handlers/mod_event_socket/mod_event_socket.c	(original)
+++ freeswitch/trunk/src/mod/event_handlers/mod_event_socket/mod_event_socket.c	Tue Feb 13 22:45:10 2007
@@ -550,7 +550,7 @@
         
         if (switch_event_create(&event, SWITCH_EVENT_BACKGROUND_JOB) == SWITCH_STATUS_SUCCESS) {
             switch_event_add_header(event, SWITCH_STACK_BOTTOM, "Job-UUID", "%s", acs->uuid_str);
-            switch_event_add_body(event, reply);
+            switch_event_add_body(event, "%s", reply);
             switch_event_fire(&event);
         }
     } else {
@@ -650,7 +650,7 @@
                 }
 
             }
-            snprintf(reply, reply_len, val);
+            snprintf(reply, reply_len, "%s", val);
             goto done;
         } else if (!strncasecmp(cmd, "myevents", 8)) {
             listener->event_list[SWITCH_EVENT_CHANNEL_CREATE] = 1;

Modified: freeswitch/trunk/src/switch_ivr.c
==============================================================================
--- freeswitch/trunk/src/switch_ivr.c	(original)
+++ freeswitch/trunk/src/switch_ivr.c	Tue Feb 13 22:45:10 2007
@@ -807,7 +807,7 @@
 			if (switch_event_create(&event, SWITCH_EVENT_DETECTED_SPEECH) == SWITCH_STATUS_SUCCESS) {
 				if (status == SWITCH_STATUS_SUCCESS) {
 					switch_event_add_header(event, SWITCH_STACK_BOTTOM, "Speech-Type", "detected-speech");
-					switch_event_add_body(event, xmlstr);
+					switch_event_add_body(event, "%s", xmlstr);
 				} else {
 					switch_event_add_header(event, SWITCH_STACK_BOTTOM, "Speech-Type", "begin-speaking");
 				}
@@ -2518,7 +2518,7 @@
         for (hi = switch_channel_variable_first(caller_channel, switch_core_session_get_pool(session)); hi; hi = switch_hash_next(hi)) {
             switch_hash_this(hi, &vvar, NULL, &vval);
             if (vvar && vval) {
-                switch_event_add_header(var_event, SWITCH_STACK_BOTTOM, (void *)vvar, vval);
+                switch_event_add_header(var_event, SWITCH_STACK_BOTTOM, (void *)vvar, "%s", (char *)vval);
             }
         }

More information about the Freeswitch-svn mailing list