kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-10-12 15:45:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

the DAHDI_GETCONF, DAHDI_SETCONF and DAHDI_GET_PARAMS ioctls were recently corrected to show that they do, in fact, read data from userspace as part of their work. due to this fix, valgrind now reports a number of cases where chan_dahdi passed an uninitialized (or partially) buffer to these ioctls, which could lead to unexpected behavior.

Browse Source 
this patch corrects chan_dahdi to ensure that buffers passed to these ioctls are always fully initialized.



git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@185952 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Kevin P. Fleming
2009-04-02 13:43:43 +00:00
parent 36c92eec0e
commit 090f081e41
1 changed files with 19 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
channels/chan_dahdi.c
View File

@@ -1623,9 +1623,6 @@ static int conf_del(struct dahdi_pvt *p, struct dahdi_subchannel *c, int index)
/* Don't delete if we don't think it's conferenced at all (implied) */
) return 0;
memset(&zi, 0, sizeof(zi));
zi.chan = 0;
zi.confno = 0;
zi.confmode = 0;
if (ioctl(c->dfd, DAHDI_SETCONF, &zi)) {
ast_log(LOG_WARNING, "Failed to drop %d from conference %d/%d: %s\n", c->dfd, c->curconf.confmode, c->curconf.confno, strerror(errno));
return -1;
@@ -1681,11 +1678,12 @@ static int isslavenative(struct dahdi_pvt *p, struct dahdi_pvt **out)
static int reset_conf(struct dahdi_pvt *p)
{
struct dahdi_confinfo zi;
memset(&zi, 0, sizeof(zi));
p->confno = -1;
memset(&p->subs[SUB_REAL].curconf, 0, sizeof(p->subs[SUB_REAL].curconf));
if (p->subs[SUB_REAL].dfd > -1) {
struct dahdi_confinfo zi;
memset(&zi, 0, sizeof(zi));
if (ioctl(p->subs[SUB_REAL].dfd, DAHDI_SETCONF, &zi))
ast_log(LOG_WARNING, "Failed to reset conferencing on channel %d: %s\n", p->channel, strerror(errno));
}
@@ -1999,8 +1997,7 @@ static int save_conference(struct dahdi_pvt *p)
p->saveconf.confmode = 0;
return -1;
}
c.chan = 0;
c.confno = 0;
memset(&c, 0, sizeof(c));
c.confmode = DAHDI_CONF_NORMAL;
res = ioctl(p->subs[SUB_REAL].dfd, DAHDI_SETCONF, &c);
if (res) {
@@ -3036,6 +3033,7 @@ static int dahdi_hangup(struct ast_channel *ast)
case SIG_FXOGS:
case SIG_FXOLS:
case SIG_FXOKS:
memset(&par, 0, sizeof(par));
res = ioctl(p->subs[SUB_REAL].dfd, DAHDI_GET_PARAMS, &par);
if (!res) {
#if 0
@@ -3987,6 +3985,7 @@ static int get_alarms(struct dahdi_pvt *p)
return zi.alarms;
#if !defined(HAVE_ZAPTEL) || defined(HAVE_ZAPTEL_CHANALARMS)
/* No alarms on the span. Check for channel alarms. */
memset(&params, 0, sizeof(params));
if ((res = ioctl(p->subs[SUB_REAL].dfd, DAHDI_GET_PARAMS, &params)) >= 0)
return params.chan_alarms;
/* ioctl failed */
@@ -4596,6 +4595,7 @@ static struct ast_frame *dahdi_handle_event(struct ast_channel *ast)
{
struct dahdi_params par;
memset(&par, 0, sizeof(par));
if (ioctl(p->oprpeer->subs[SUB_REAL].dfd, DAHDI_GET_PARAMS, &par) != -1)
{
if (!par.rxisoffhook)
@@ -5095,6 +5095,7 @@ static struct ast_frame *dahdi_read(struct ast_channel *ast)
{
struct dahdi_params ps;
memset(&ps, 0, sizeof(ps));
ps.channo = p->channel;
if (ioctl(p->subs[SUB_REAL].dfd, DAHDI_GET_PARAMS, &ps) < 0) {
ast_mutex_unlock(&p->lock);
@@ -5670,6 +5671,7 @@ static struct ast_channel *dahdi_new(struct dahdi_pvt *i, int state, int startpb
if (!tmp)
return NULL;
tmp->tech = chan_tech;
memset(&ps, 0, sizeof(ps));
ps.channo = i->channel;
res = ioctl(i->subs[SUB_REAL].dfd, DAHDI_GET_PARAMS, &ps);
if (res) {
@@ -7816,9 +7818,10 @@ static struct dahdi_pvt *mkintf(int channel, const struct dahdi_chan_conf *conf,
#endif
} else {
chan_sig = tmp->sig;
memset(&p, 0, sizeof(p));
if (tmp->subs[SUB_REAL].dfd > -1)
if (tmp->subs[SUB_REAL].dfd > -1) {
memset(&p, 0, sizeof(p));
res = ioctl(tmp->subs[SUB_REAL].dfd, DAHDI_GET_PARAMS, &p);
}
}
/* Adjust starttime on loopstart and kewlstart trunks to reasonable values */
switch (chan_sig) {
@@ -8126,9 +8129,10 @@ static inline int available(struct dahdi_pvt *p, int channelmatch, ast_group_t g
if (!p->sig || (p->sig == SIG_FXSLS))
return 1;
/* Check hook state */
if (p->subs[SUB_REAL].dfd > -1)
if (p->subs[SUB_REAL].dfd > -1) {
memset(&par, 0, sizeof(par));
res = ioctl(p->subs[SUB_REAL].dfd, DAHDI_GET_PARAMS, &par);
else {
} else {
/* Assume not off hook on CVRS */
res = 0;
par.rxisoffhook = 0;
@@ -8517,6 +8521,7 @@ static int pri_find_principle(struct dahdi_pri *pri, int channel)
if (!explicit) {
spanfd = pri_active_dchan_fd(pri);
memset(&param, 0, sizeof(param));
if (ioctl(spanfd, DAHDI_GET_PARAMS, &param))
return -1;
span = pris[param.spanno - 1].prilogicalspan;
@@ -9972,6 +9977,7 @@ static int start_pri(struct dahdi_pri *pri)
ast_log(LOG_ERROR, "Unable to open D-channel %d (%s)\n", x, strerror(errno));
return -1;
}
memset(&p, 0, sizeof(p));
res = ioctl(pri->fds[i], DAHDI_GET_PARAMS, &p);
if (res) {
dahdi_close_pri_fd(pri, i);
@@ -10674,6 +10680,7 @@ static int dahdi_show_channel(int fd, int argc, char **argv)
memset(&ci, 0, sizeof(ci));
ps.channo = tmp->channel;
if (tmp->subs[SUB_REAL].dfd > -1) {
memset(&ci, 0, sizeof(ci));
if (!ioctl(tmp->subs[SUB_REAL].dfd, DAHDI_GETCONF, &ci)) {
ast_cli(fd, "Actual Confinfo: Num/%d, Mode/0x%04x\n", ci.confno, ci.confmode);
}
@@ -10682,6 +10689,7 @@ static int dahdi_show_channel(int fd, int argc, char **argv)
ast_cli(fd, "Actual Confmute: %s\n", x ? "Yes" : "No");
}
#endif
memset(&ps, 0, sizeof(ps));
if (ioctl(tmp->subs[SUB_REAL].dfd, DAHDI_GET_PARAMS, &ps) < 0) {
ast_log(LOG_WARNING, "Failed to get parameters on channel %d: %s\n", tmp->channel, strerror(errno));
} else {