[Home]

Summary:ASTERISK-02658: ast_modem_pvt() uses memory before checking if it is valid
Reporter:Edwin Groothuis (mavetju)Labels:
Date Opened:2004-10-22 22:27:35Date Closed:2008-01-15 15:11:34.000-0600
Priority:TrivialRegression?No
Status:Closed/CompleteComponents:Core/General
Versions:Frequency of
Occurrence
Related
Issues:
Environment:Attachments:
Description:ast_modem_pvt() zeros out the memory before checking if it is valid or not:

<pre>
static struct ast_modem_pvt *mkif(char *iface)
{              
       /* Make a ast_modem_pvt structure for this interface */
       struct ast_modem_pvt *tmp;
#if 0          
       int flags;
#endif          
               
       tmp = malloc(sizeof(struct ast_modem_pvt));
       memset(tmp, 0, sizeof(struct ast_modem_pvt));
       if (tmp) {
               tmp->fd = open(iface, O_RDWR | O_NONBLOCK);
               if (tmp->fd < 0) {
</pre>

It's not fatal by default, except when it can't allocate the memory and then it's too late anyway :-)


****** ADDITIONAL INFORMATION ******

Fix:
<pre>
static struct ast_modem_pvt *mkif(char *iface)
{              
       /* Make a ast_modem_pvt structure for this interface */
       struct ast_modem_pvt *tmp;
#if 0          
       int flags;
#endif          
               
       tmp = malloc(sizeof(struct ast_modem_pvt));
-       memset(tmp, 0, sizeof(struct ast_modem_pvt));
       if (tmp) {
+               memset(tmp, 0, sizeof(struct ast_modem_pvt));
               tmp->fd = open(iface, O_RDWR | O_NONBLOCK);
               if (tmp->fd < 0) {
</pre>
Comments:By: Brian West (bkw918) 2004-10-23 01:53:11

attach a diff -u please
By: James Golovich (jamesgolovich) 2004-10-23 01:59:52

Fixed in CVS
By: Russell Bryant (russell) 2004-10-24 17:06:09

fixed in 1.0
By: Digium Subversion (svnbot) 2008-01-15 15:11:34.000-0600

Repository: asterisk
Revision: 4087

U   branches/v1-0/channels/chan_modem.c

------------------------------------------------------------------------
r4087 | russell | 2008-01-15 15:11:34 -0600 (Tue, 15 Jan 2008) | 2 lines

make sure malloc was successful before doing memset (bug ASTERISK-2658)

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=4087