mirror of
https://github.com/asterisk/asterisk.git
synced 2025-10-12 15:45:18 +00:00
Merged revisions 378374,378377,378384 via svnmerge from
file:///srv/subversion/repos/asterisk/trunk

................
r378374 | rmudgett | 2013-01-02 15:23:16 -0600 (Wed, 02 Jan 2013) | 33 lines

Fix AMI redirect action with two channels failing to redirect both channels.

The AMI redirect action can fail to redirect two channels that are bridged together. There is a race between the AMI thread redirecting the two channels and the bridge thread noticing that a channel is hungup from the redirects.

* Made the bridge wait for both channels to be redirected before exiting.

* Made the AMI redirect check that all required headers are present before proceeding with the redirection.

* Made the AMI redirect require that any supplied ExtraChannel exist before proceeding. Previously the code fell back to a single channel redirect operation.

(closes issue ASTERISK-18975)
Reported by: Ben Klang

(closes issue ASTERISK-19948)
Reported by: Brent Dalgleish
Patches:
jira_asterisk_19948_v11.patch (license #5621) patch uploaded by rmudgett
Tested by: rmudgett, Thomas Sevestre, Deepak Lohani, Kayode

Review: https://reviewboard.asterisk.org/r/2243/
........
Merged revisions 378356 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 378358 from http://svn.asterisk.org/svn/asterisk/branches/11

................
r378377 | mjordan | 2013-01-02 16:10:32 -0600 (Wed, 02 Jan 2013) | 24 lines

Prevent crashes from occurring when reading from data sources with large values

When reading configuration data from an Asterisk .conf file or when pulling data from an Asterisk RealTime backend, Asterisk was copying the data on the stack for manipulation. Unfortunately, it is possible to read configuration data or realtime data from some data source that provides a large blob of characters. This could potentially cause a crash via a stack overflow.

This patch prevents large sets of data from being read from an ARA backend or from an Asterisk conf file.

(issue ASTERISK-20658)
Reported by: wdoekes
Tested by: wdoekes, mmichelson
patches:
* issueA20658_dont_process_overlong_config_lines.patch uploaded by wdoekes (license 5674)
* issueA20658_func_realtime_limit.patch uploaded by wdoekes (license 5674)
........
Merged revisions 378375 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 378376 from http://svn.asterisk.org/svn/asterisk/branches/11

................
r378384 | mjordan | 2013-01-02 16:19:32 -0600 (Wed, 02 Jan 2013) | 11 lines

Clean up app_mysql's application entry points to properly parse arguments

When parsing arguments, application entry points should not attempt to directly modify the parameters to the function. This patch properly duplicates the passed in parameters before attempting to parse them.

(issue ASTERISK-20658)
Reported by: wdoekes
patches:
issueA20658_sanitize_app_mysql.patch uploaded by wdoekes (license 5674)
................

git-svn-id: https://origsvn.digium.com/svn/asterisk/team/mmichelson/threadpool@378385 65c4cc65-6c06-0410-ace0-fbb531ad65f3
@@ -219,6 +219,13 @@ static int function_realtime_read(struct ast_channel *chan, const char *cmd, cha
|
||||
/* add space for delimiters and final '\0' */
|
||||
resultslen += n * (strlen(args.delim1) + strlen(args.delim2)) + 1;
|
||||
|
||||
if (resultslen > len) {
|
||||
ast_log(LOG_WARNING, "Failed to fetch. Realtime data is too large: need %zu, have %zu.\n", resultslen, len);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* len is going to be sensible, so we don't need to check for stack
|
||||
* overflows here. */
|
||||
out = ast_str_alloca(resultslen);
|
||||
for (var = head; var; var = var->next)
|
||||
ast_str_append(&out, 0, "%s%s%s%s", var->name, args.delim2, var->value, args.delim1);
|
||||
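Review bot: The comment above `out = ast_str_alloca(resultslen);` says `len` "is going to be sensible" without naming what bounds it, so the stack allocation is only as safe as whatever buffer size the caller passes in. The `resultslen > len` check caps the allocation at `len`, not at a known maximum; either state in the comment which limit on `len` the code relies on, or compare against an explicit upper bound here so the guarantee does not depend on every caller. The `%zu` conversions in the new `ast_log` call also assume both `resultslen` and `len` are `size_t`, and the declaration of `resultslen` is not visible in this hunk, so that is worth confirming.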
@@ -439,6 +446,16 @@ static int function_realtime_readdestroy(struct ast_channel *chan, const char *c
|
||||
/* add space for delimiters and final '\0' */
|
||||
resultslen += n * (strlen(args.delim1) + strlen(args.delim2)) + 1;
|
||||
|
||||
if (resultslen > len) {
|
||||
/* Unfortunately this does mean that we cannot destroy the row
|
||||
* anymore. But OTOH, we're not destroying someones data without
|
||||
* giving him the chance to look at it. */
|
||||
ast_log(LOG_WARNING, "Failed to fetch/destroy. Realtime data is too large: need %zu, have %zu.\n", resultslen, len);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* len is going to be sensible, so we don't need to check for stack
|
||||
* overflows here. */
|
||||
out = ast_str_alloca(resultslen);
|
||||
for (var = head; var; var = var->next) {
|
||||
ast_str_append(&out, 0, "%s%s%s%s", var->name, args.delim2, var->value, args.delim1);
|
||||
|
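Review bot: The `return -1;` in the new `resultslen > len` branch leaves the function while `head` is still live (the loop right below walks it), and nothing in the branch releases it. If the list is freed later in the function, this path skips that and leaks on every oversized row, so release it before returning. The branch also changes what the function does on failure: the row is neither returned nor destroyed, and only a LOG_WARNING says so. That behaviour belongs in the function's user-facing documentation as well as in the in-code comment, where "someones" should read "someone's".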