From d3abdf0b8d75cf141879bd31401ca6ff025d31b4 Mon Sep 17 00:00:00 2001 From: Sean Bright Date: Thu, 10 Mar 2022 12:07:40 -0500 Subject: [PATCH] stasis_recording: Perform a complete match on requested filename. Using the length of a file found on the filesystem rather than the file being requested could result in filenames whose names are substrings of another to be erroneously matched. We now ensure a complete comparison before returning a positive result. ASTERISK-29960 #close Change-Id: Id3ffc77681b9b75b8569062f3d952a128a21c71a --- res/stasis_recording/stored.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/res/stasis_recording/stored.c b/res/stasis_recording/stored.c index 6cdca96e2b..9e9ae58343 100644 --- a/res/stasis_recording/stored.c +++ b/res/stasis_recording/stored.c @@ -130,6 +130,7 @@ static int split_path(const char *path, char **dir, char **file) struct match_recording_data { const char *file; + size_t length; char *file_with_ext; }; @@ -160,7 +161,9 @@ static int handle_find_recording(const char *dir_name, const char *filename, voi int num; /* If not a recording or the names do not match the keep searching */ - if (!(num = is_recording(filename)) || strncmp(data->file, filename, num)) { + if (!(num = is_recording(filename)) + || data->length != num + || strncmp(data->file, filename, num)) { return 0; } @@ -186,6 +189,7 @@ static char *find_recording(const char *dir_name, const char *file) { struct match_recording_data data = { .file = file, + .length = strlen(file), .file_with_ext = NULL };