| Summary: | ASTERISK-03100: Integer overflow in pbx_builtin_wait | ||
| Reporter: | fabeman (fabeman) | Labels: | |
| Date Opened: | 2004-12-27 10:16:10.000-0600 | Date Closed: | 2011-06-07 14:10:16 |
| Priority: | Minor | Regression? | No |
| Status: | Closed/Complete | Components: | Core/General |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ||
| Description: | As the title already tells us there's no range check in pbx_builtin_wait. If you pass a value bigger than an int to Wait() in the dialplan it will mostly return immediatly (the int goes < 0) or will wait an unexpected amount of time. i'm unsure about what the expected behaviour should be. ****** ADDITIONAL INFORMATION ****** possible would be a switch from atof to strtod which supports checking of the passed value for the number range and then log an error something to the console? | ||
| Comments: | By: Clod Patry (junky) 2004-12-27 13:02:27.000-0600 Why do you need to pass a so-high value to wait exactly? Any precise examples we should know? im sure the remote caller will hangup before the end of that wait. Recently added to CVS, the While application can do this if it's really needed. By: Tilghman Lesher (tilghman) 2004-12-27 14:08:23.000-0600 Given that the overflow point to Wait() is approximately 24 days (0x7fffffff / 1000 / 86400), I hardly think this is really an issue. [1000 ms in a sec; 86400 seconds in a day]. I suppose we might think about making the parameter unsigned, as it doesn't make any sense to wait a negative amount of time. However, why exactly do you need callers to wait on the phone without processing any DTMF from the caller (as Wait() does) for longer than 24 days? Perhaps some kind of cruel telemarketing hold-queue-for-people-who-wish-to-be-added-to-their-Do-Not-Call-list ? | ||