strtol can parse negative values which opens the hole for a NUL
injection. The (invalid) entity "&#-256;" is parsed as 0xFFFFFF00 which
(when cast to a char) becomes 0.
Avoid this attack by using unsigned long integers. To avoid undefined
behavior due to negative shifts, restrict the upper bound of the code
points to the UTF-8 limits. (Add an assertion to make the Clang static
analyzer happy.)
Note: due to the specification of strtol, leading spaces and minus/plus
signs are also allowed, explicitly check for an integer. "�x1;" is
still accepted, but that is considered a minor issue.
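
The parsing problem described in the commit message above, shown as an added C example that is not part of the original commit or of FreeSWITCH's source. The function names, the 0x10FFFF upper bound and the rejection of code point 0 are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_CODEPOINT 0x10FFFFUL /* assumption: RFC 3629 UTF-8 upper bound */

/* Simplified reconstruction of the signed pattern the message describes
 * (not FreeSWITCH source): strtol accepts a sign, result is narrowed to char. */
static char legacy_decode(const char *ent)
{
    char *end;
    long c = (ent[2] == 'x') ? strtol(ent + 3, &end, 16)
                             : strtol(ent + 2, &end, 10);
    return (*end == ';') ? (char)c : '?';
}

/* Hardened: first character must be a digit, parse unsigned, bound the value.
 * Returns 0 and stores the code point in *out, or -1 if the entity is rejected. */
static int strict_decode(const char *ent, unsigned long *out)
{
    int base = 10;
    const char *digits;
    char *end;
    unsigned long c;

    if (strncmp(ent, "&#", 2) != 0) return -1;
    digits = ent + 2;
    if (*digits == 'x') { base = 16; digits++; }
    /* strtoul still skips whitespace and accepts +/- (a '-' wraps the
     * result instead of failing), so check the first character explicitly. */
    if (base == 16 ? !isxdigit((unsigned char)*digits)
                   : !isdigit((unsigned char)*digits)) return -1;
    errno = 0;
    c = strtoul(digits, &end, base);
    if (errno == ERANGE || *end != ';') return -1;
    if (c == 0 || c > MAX_CODEPOINT) return -1; /* rejecting 0 is an assumption */
    *out = c;
    return 0;
}

int main(void)
{
    const char *samples[] = { "&#-256;", "&#65;", "&#x41;", "&# 65;", "&#0;" }; /* constructed */
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        unsigned long cp = 0;
        int rc = strict_decode(samples[i], &cp);
        printf("%-10s legacy byte=%d strict=%s cp=%lu\n", samples[i],
               (int)legacy_decode(samples[i]), rc ? "reject" : "ok", cp);
    }
    return 0;
}
```
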
Partially rewrite switch_xml_set_attr to fix memory leaks, uninitialized
argument values and use-after-free warnings from Clang static analyzer.
Fixes these problems:
- Add some comments and a new variable such that the code can more
easily be audited / understood.
- Always clear SWITCH_XML_DUP flag even if an error occurred to prevent
free()'ing static strings on future invocations.
- Keep the attribute list in a consistent state even if one of the
memory allocations fails.
- Keep allocation metadata in a consistent state when shrinking of the
attribute lists fails. Previously the metadata was not updated,
resulting in a wrong mapping from attributes to allocation flags.
- Fix memory leaks when allocations fail.
Previous behavior: invalid memory accesses are possible after a memory
allocation failure, previous attributes may be lost.
New behavior: attributes list is always valid, a new attribute is either
set (or not), attributes can always be removed.
script calling session:getVariable() with a null variable
name will cause FreeSWITCH to segfault.
This change checks whether varname parameter to
switch_channel_get_variable_dup is non-NULL.
This change makes it so that event_handlers/mod_amqp is avoided when building
Debian packages for Ubuntu 14.04 (Trusty). If this module is packaged there is
a dependency issue related to the rabbitmq libraries.
Avoiding the module was the simplest solution to achieve Debian packaging on the
Ubuntu 14.04 OS.
* commit '320cf0adb837a8860c09c717b29c666ccb9a3c5b':
Target link for the plugin url, added comment explaining override $.FSRTC callback
FS-8222 [verto_communicator] updated getScreenId.js in order to detect plugin issues and attached an 'ended' event to screenshare stream in order to detect 'stop sharing' click
* commit 'e6ae2e9becd51fe1ea4141d381ba2006bac823f3':
FS-8392: change rtpmap payload to a number in dynamic range to allow both H263 and H263+ to be offered
* commit 'd145111eed3505e11d9d0f0a891eab3945dddf36':
FS-8344: mod_opus: toggle FEC on the last frame which is to be packed, so that FEC will be only present on the first SILK frame of the next Opus frame (Opus repacketization).
This allows for the core file params vw and vh to be used to modify the
resolution of recordings. If the specified resolution does not match
the resolution of the call being recorded, the video will be scaled.