diff --git a/media/webrtc/signaling/src/sipcc/core/ccapp/ccprovider.c b/media/webrtc/signaling/src/sipcc/core/ccapp/ccprovider.c index 295d573f4eaf..924a7f1cc1c5 100755 --- a/media/webrtc/signaling/src/sipcc/core/ccapp/ccprovider.c +++ b/media/webrtc/signaling/src/sipcc/core/ccapp/ccprovider.c @@ -581,9 +581,9 @@ static void updateVideoPref( unsigned int event, line_t line_id, callid_t call_i * digits - memory to return the first param * Returns: */ -void getDigits(string_t data, char *digits) { +static void getDigits(string_t data, char *digits, unsigned int buffer_length) { char *endptr; - int len=0; + unsigned int len=0; digits[0]=0; @@ -595,6 +595,11 @@ void getDigits(string_t data, char *digits) { len = strlen(data); } + /* prevent len from writing past buffer size */ + if (len >= buffer_length) { + len = buffer_length - 1; + } + if ( len) { memcpy(digits, data, len); digits[len] = 0; @@ -692,7 +697,7 @@ processSessionEvent (line_t line_id, callid_t call_id, unsigned int event, sdp_d break; case CC_FEATURE_DIALSTR: if (CheckAndGetAvailableLine(&line_id, &call_id) == TRUE) { - getDigits(data, digits); + getDigits(data, digits, sizeof(digits)); if (strlen(digits) == 0) { //if dial string is empty then go offhook cc_offhook(CC_SRC_UI, call_id, line_id); @@ -779,7 +784,7 @@ processSessionEvent (line_t line_id, callid_t call_id, unsigned int event, sdp_d break; } - getDigits(data,digits); + getDigits(data, digits, sizeof(digits)); dp_int_init_dialing_data(line_id, call_id); dp_int_dial_immediate(line_id, call_id, TRUE, @@ -890,7 +895,7 @@ processSessionEvent (line_t line_id, callid_t call_id, unsigned int event, sdp_d }// DON'T ADD BREAK HERE. EVENT IS PASSED BELOW case CC_FEATURE_B2BCONF: case CC_FEATURE_XFER: - getDigits(data,digits); + getDigits(data, digits, sizeof(digits)); if ( strlen(digits)) { cc_feature_data_t ftr_data; CCAPP_DEBUG(DEB_F_PREFIX"conf: sid=%s.", DEB_F_PREFIX_ARGS(SIP_CC_PROV, fname),data);