kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-10-12 15:45:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

various modules: json integer overflow

Browse Source 
There were still a few places in the code that could overflow when "packing"
a json object with a value outside the base type integer's range. For instance:

unsigned int value = INT_MAX + 1
ast_json_pack("{s: i}", value);

would result in a negative number being "packed". In those situations this patch
alters those values to a ast_json_int_t, which widens the value up to a long or
long long.

ASTERISK-28480

Change-Id: Ied530780d83e6f1772adba0e28d8938ef30c49a1
This commit is contained in:
Kevin Harwell
2019-08-01 16:22:01 -05:00
parent 4018e88369
commit 3656c42cb0
10 changed files with 38 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
main/aoc.c
View File

@@ -1738,13 +1738,13 @@ static struct ast_json *s_to_json(const struct ast_aoc_decoded *decoded)
decoded->aoc_s_entries[i].rate.duration.amount,
decoded->aoc_s_entries[i].rate.duration.multiplier);
time = ast_json_pack("{s:i, s:i}",
"Length", decoded->aoc_s_entries[i].rate.duration.time,
time = ast_json_pack("{s:I, s:i}",
"Length", (ast_json_int_t)decoded->aoc_s_entries[i].rate.duration.time,
"Scale", decoded->aoc_s_entries[i].rate.duration.time_scale);
if (decoded->aoc_s_entries[i].rate.duration.granularity_time) {
granularity = ast_json_pack("{s:i, s:i}",
"Length", decoded->aoc_s_entries[i].rate.duration.granularity_time,
granularity = ast_json_pack("{s:I, s:i}",
"Length", (ast_json_int_t)decoded->aoc_s_entries[i].rate.duration.granularity_time,
"Scale", decoded->aoc_s_entries[i].rate.duration.granularity_time_scale);
}