adhearsion / ruby_speech

A ruby library for TTS & ASR document preparation
MIT License

buffer overflow in ruby_speech.c #14

Closed crienzo closed 11 years ago

crienzo commented 11 years ago

There's a sprintf() in is_match_end() that is unsafe since you don't check input length.

benlangfeld commented 11 years ago

I presume you've noticed the same issue in mod_rayo? https://github.com/FreeSWITCH/FreeSWITCH/blob/master/src/mod/event_handlers/mod_rayo/srgs.c#L1195

crienzo commented 11 years ago

I checked input length before doing the initial match. I was too lazy to mess with memory allocation and figured 128 digits is a reasonable limit.

On Jun 25, 2013, at 4:15 PM, Ben Langfeld notifications@github.com wrote:

I presume you've noticed the same issue in mod_rayo? https://github.com/FreeSWITCH/FreeSWITCH/blob/master/src/mod/event_handlers/mod_rayo/srgs.c#L1195


benlangfeld commented 11 years ago

Fixed in c0580be972d3ef30bfa19821c01ff38cbe32ff28
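
The two mitigations discussed in this thread (an input length limit checked up front, and bounded formatting in place of sprintf()), shown together as an added example; this is not the code from ruby_speech.c, mod_rayo, or the fixing commit. The helper name `build_probe`, the `MAX_INPUT_DIGITS` constant, and the assumption that the formatted string is the caller's digit input plus one appended character are hypothetical, since the page does not show the function body.

```c
#include <stdio.h>
#include <string.h>

/* 128-digit limit as mentioned in the thread; the constant name is hypothetical. */
#define MAX_INPUT_DIGITS 128

/* Hypothetical helper: writes `input` followed by `next_digit` into `out`.
 * Returns 0 on success, -1 if the input exceeds the limit or `out` is too small. */
int build_probe(char *out, size_t out_size, const char *input, char next_digit)
{
    int n;

    if (out == NULL || out_size == 0 || input == NULL)
        return -1;
    out[0] = '\0';

    /* Check 1: reject over-length input before formatting. memchr() scans at
     * most MAX_INPUT_DIGITS + 1 bytes, so a missing terminator inside that
     * window means the input is longer than the limit. */
    if (memchr(input, '\0', MAX_INPUT_DIGITS + 1) == NULL)
        return -1;

    /* Check 2: bounded formatting. snprintf() returns the length it needed,
     * so a value >= out_size means the result was truncated. */
    n = snprintf(out, out_size, "%s%c", input, next_digit);
    if (n < 0 || (size_t)n >= out_size) {
        out[0] = '\0';              /* never hand back a truncated string */
        return -1;
    }
    return 0;
}

int main(void)
{
    char probe[MAX_INPUT_DIGITS + 2];     /* digits + appended char + NUL */
    char too_long[MAX_INPUT_DIGITS + 2];  /* constructed input: 129 digits */

    memset(too_long, '5', sizeof(too_long) - 1);
    too_long[sizeof(too_long) - 1] = '\0';

    printf("short input: %d\n", build_probe(probe, sizeof(probe), "1234", '#'));
    printf("over limit:  %d\n", build_probe(probe, sizeof(probe), too_long, '#'));
    return 0;
}
```

Either check alone stops the overflow for a correctly sized buffer; keeping both means a later change to the buffer size or the limit cannot silently reintroduce it.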