Avoid a crash with large numbers of MeetMe conferences.

Similar to changes made to Queue(), when we have large numbers of conferences in
meetme.conf (1000s) and we use alloca()/strdupa(), we can blow out the stack and
crash, so instead just use a single fixed buffer.

(closes issue #16509)
Reported by: Kashif Raza
Patches:
      20091223_16509.patch uploaded by seanbright (license 71)
Tested by: seanbright


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@236509 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Sean Bright
2009-12-28 12:43:36 +00:00
parent 41db2479de
commit 3d20d25e4c


@@ -319,6 +319,9 @@ static const char *slatrunk_desc =
#define MAX_CONFNUM 80 #define MAX_CONFNUM 80
#define MAX_PIN 80 #define MAX_PIN 80
/* Enough space for "<conference #>,<pin>,<admin pin>" followed by a 0 byte. */
#define MAX_SETTINGS (MAX_CONFNUM + MAX_PIN + MAX_PIN + 3)
enum announcetypes { enum announcetypes {
CONF_HASJOIN, CONF_HASJOIN,
CONF_HASLEFT CONF_HASLEFT
@@ -2563,7 +2566,6 @@ static struct ast_conference *find_conf(struct ast_channel *chan, char *confno,
struct ast_config *cfg; struct ast_config *cfg;
struct ast_variable *var; struct ast_variable *var;
struct ast_conference *cnf; struct ast_conference *cnf;
char *parse;
AST_DECLARE_APP_ARGS(args, AST_DECLARE_APP_ARGS(args,
AST_APP_ARG(confno); AST_APP_ARG(confno);
AST_APP_ARG(pin); AST_APP_ARG(pin);
@@ -2602,12 +2604,14 @@ static struct ast_conference *find_conf(struct ast_channel *chan, char *confno,
ast_log(LOG_WARNING, "No %s file :(\n", CONFIG_FILE_NAME); ast_log(LOG_WARNING, "No %s file :(\n", CONFIG_FILE_NAME);
return NULL; return NULL;
} }
for (var = ast_variable_browse(cfg, "rooms"); var; var = var->next) { for (var = ast_variable_browse(cfg, "rooms"); var; var = var->next) {
char parse[MAX_SETTINGS];
if (strcasecmp(var->name, "conf")) if (strcasecmp(var->name, "conf"))
continue; continue;
if (!(parse = ast_strdupa(var->value))) ast_copy_string(parse, var->value, sizeof(parse));
return NULL;
AST_NONSTANDARD_APP_ARGS(args, parse, ','); AST_NONSTANDARD_APP_ARGS(args, parse, ',');
if (!strcasecmp(args.confno, confno)) { if (!strcasecmp(args.confno, confno)) {
@@ -2774,11 +2778,11 @@ static int conf_exec(struct ast_channel *chan, void *data)
if (cfg) { if (cfg) {
var = ast_variable_browse(cfg, "rooms"); var = ast_variable_browse(cfg, "rooms");
while (var) { while (var) {
char parse[MAX_SETTINGS], *stringp = parse, *confno_tmp;
if (!strcasecmp(var->name, "conf")) { if (!strcasecmp(var->name, "conf")) {
char *stringp = ast_strdupa(var->value);
if (stringp) {
char *confno_tmp = strsep(&stringp, "|,");
int found = 0; int found = 0;
ast_copy_string(parse, var->value, sizeof(parse));
confno_tmp = strsep(&stringp, "|,");
if (!dynamic) { if (!dynamic) {
/* For static: run through the list and see if this conference is empty */ /* For static: run through the list and see if this conference is empty */
AST_LIST_LOCK(&confs); AST_LIST_LOCK(&confs);
@@ -2804,7 +2808,6 @@ static int conf_exec(struct ast_channel *chan, void *data)
} }
} }
} }
}
var = var->next; var = var->next;
} }
ast_config_destroy(cfg); ast_config_destroy(cfg);
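Review bot: The new `ast_copy_string(parse, var->value, sizeof(parse))` in find_conf silently truncates any `conf` entry longer than MAX_SETTINGS - 1 bytes, where ast_strdupa() kept the whole value; the copy added in conf_exec has the same property. A truncated entry is still split on the separator, so the pin or admin pin parsed from it may be shorter than what the administrator wrote in the config; how those fields are used afterwards is outside these hunks, so treat that as an inference to confirm. I would detect the over-long case and skip the entry with a log line instead of parsing a cut-off value, e.g. in find_conf `if (strlen(var->value) >= sizeof(parse)) { ast_log(LOG_WARNING, "Conference entry too long, ignoring\n"); continue; }`. In conf_exec the skip has to fall through to the `var = var->next;` at the end of the while loop rather than use a bare `continue`, which would never advance. Both function bodies start and end outside the hunks shown.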