From 62212dec6aa77928a7c168d58c99f3dad034931b Mon Sep 17 00:00:00 2001
From: Sean Bright
Date: Fri, 7 Nov 2025 17:45:21 -0500
Subject: [PATCH] app_dtmfstore: Avoid a potential buffer overflow.

Prefer snprintf() so we can readily detect if our output was truncated.

Resolves: #1421
---
 apps/app_dtmfstore.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/apps/app_dtmfstore.c b/apps/app_dtmfstore.c
index fe564afefa..e0a6ee8d20 100644
--- a/apps/app_dtmfstore.c
+++ b/apps/app_dtmfstore.c
@@ -170,7 +170,12 @@ static struct ast_frame *dtmf_store_framehook(struct ast_channel *chan,
 return f;
 }
 
- sprintf(varnamesub, "${%s}", varname);
+ len = snprintf(varnamesub, sizeof(varnamesub), "${%s}", varname);
+ if (len >= sizeof(varnamesub)) {
+ /* Not enough room, bail out */
+ return f;
+ }
+
 pbx_substitute_variables_helper(chan, varnamesub, currentdata, 511);
 /* pbx_builtin_getvar_helper works for regular vars but not CDR vars */
 if (ast_strlen_zero(currentdata)) { /* var doesn't exist yet */
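Review bot: The truncation check `if (len >= sizeof(varnamesub))` depends on the declaration of `len`, which is outside the hunk: if it is a signed `int`, a negative return from snprintf() only reaches the bail-out through the implicit conversion to `size_t`, and the comparison will likely trip -Wsign-compare. Writing it as `if (len < 0 || (size_t) len >= sizeof(varnamesub)) {` keeps the same behaviour and makes the error path deliberate. The bail-out is also silent, so an over-long variable name would make the framehook stop storing digits with nothing in the log. An `ast_log(LOG_WARNING, ...)` on this path, or rejecting the name where the framehook is set up (not visible here), would make that diagnosable. dtmf_store_framehook begins and ends outside the hunk.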