| Summary: | ASTERISK-14698: [patch] Incorrect parsing of day range in pbx.c | ||
| Reporter: | Hooi Ng (hooi) | Labels: | |
| Date Opened: | 2009-08-23 21:46:04 | Date Closed: | 2010-02-09 06:57:35.000-0600 |
| Priority: | Minor | Regression? | No |
| Status: | Closed/Complete | Components: | Core/PBX |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ( 0) 20090825__issue15765.diff.txt | |
| Description: | The patch http://downloads.digium.com/pub/security/AST-2009-005-1.2.diff.txt contains incorrect sscanf format for parsing start of day and end of day in pbx.c whereby it assumes "day" is single digit. That is: sscanf(day, "%1d", &s) should be sscanf(day, "%2d", &s) [at line 4019] and sscanf(day, "%1d", &e) should be sscanf(day, "%2d", &e) [at line 4029] This impact on anything that uses ast_build_timing() such as GotoIfTime() and ExecIfTime(). | ||
| Comments: | By: Leif Madsen (lmadsen) 2009-08-25 09:20:19 Tilghman: what do you want me to test here? When you assign something to me, can you please just stick in a little note stating why it is assigned? Thanks! By: Leif Madsen (lmadsen) 2009-08-25 10:42:12 OK! So I just confirmed the issue. I will now test Tilghmans patch to make sure all is well. By: Leif Madsen (lmadsen) 2009-08-25 10:43:16 Oh wait, for some reason I thought Tilghman put a patch on here :) Anyways, the issue is confirmed. By: Tilghman Lesher (tilghman) 2009-08-25 10:49:19 lmadsen: was to your attention, since a dot release of 1.2 would be needed. By: Nic Bellamy (nic_bellamy) 2009-10-01 16:04:30 This is a pretty major regression, at least for me, who just this morning found 39 systems in holiday mode due to GotoIfTime(*|*|26|oct?...) matching the 2nd of October. :-) Patch definitely fixes it, as it's binary-identical to the patch I whipped up and tested independently this morning (before finding this ticket). By: Digium Subversion (svnbot) 2009-10-01 16:23:09 Repository: asterisk Revision: 221754 U branches/1.2/pbx.c ------------------------------------------------------------------------ r221754 | tilghman | 2009-10-01 16:23:09 -0500 (Thu, 01 Oct 2009) | 8 lines Days are days of month, not days of week. Fixes regression due to AST-2009-005. (closes issue ASTERISK-14698) Reported by: hooi Patches: 20090825__issue15765.diff.txt uploaded by tilghman (license 14) Tested by: nic_bellamy ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=221754 By: Digium Subversion (svnbot) 2010-02-09 06:57:35.000-0600 Repository: asterisk Revision: 245669 U tags/1.2.38/pbx.c ------------------------------------------------------------------------ r245669 | lmadsen | 2010-02-09 06:57:34 -0600 (Tue, 09 Feb 2010) | 2 lines Import change from revision 221754 that was missed. (issue ASTERISK-14698) ------------------------------------------------------------------------ http://svn.digium.com/view/asterisk?view=rev&revision=245669 | ||