Summary: | ASTERISK-08899: Eval leaks stack data on the end of the result string | ||
Reporter: | Mike Jagdis (mjagdis) | Labels: | |
Date Opened: | 2007-02-27 16:14:05.000-0600 | Date Closed: | 2007-03-13 20:56:49 |
Priority: | Major | Regression? | No |
Status: | Closed/Complete | Components: | Core/Configuration |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ||
Description: | funcs/func_eval.c:function_eval does "buf[0] = '\0';" but pbx_substitute_variables_helper assumes the buffer is completely zero filled. I can get data leakage on the end of a ${EVAL(...)} result but I don't have a simple test case. The problem is clear, though. The same confusion may well exist elsewhere. No patch. Either eval should zero the whole buffer or pbx_substitute_variables_helper should end with a "*cp2 = '\0';". Personally I'd prefer the latter as all this buffer zeroing to save underlying functions null-terminating strings is just _wrong_. | ||
Comments: | By: kotique (kotique) 2007-03-13 16:15:07 The same here. Guys, that's awfully wrong. // ${cutpattern} is "${NEWNUMBER}" Set(NEWNUMBER=${EVAL(${cutpattern})}); evals to: Set("SIP/out-b7266f28", "NEWNUMBER=011584146456004ER}") You see "ER}" at the end of the string ? That's wrong ! In some cases I'm getting the whole SIP conversation dialog in that variable. By: Tilghman Lesher (tilghman) 2007-03-13 20:56:49 Committed in 58880 and 58881. Note that the reason why I changed the EVAL code is that it's documented that pbx_substitute_variables_helper should be given a zero-initialized buffer, and EVAL was not in compliance with documentation. |