Summary:	ASTERISK-16598: [patch] 'dialplan save' crash when '|' (pipe) is used. Patch included.
Reporter:	knutant (knutant)	Labels:
Date Opened:	2010-08-20 07:39:56	Date Closed:	2011-06-07 14:00:20
Priority:	Critical	Regression?	No
Status:	Closed/Complete	Components:	PBX/pbx_config
Versions:		Frequency of Occurrence
Related Issues:
Environment:		Attachments:	( 0) dialplan-save-fix-svn.patch
Description:	I was trying out the 'dialplan save' call from the asterisk CLI and it crashed when trying to write out this line (which it had already read from extensions.conf on startup): exten => 1234,1,RTPPage(basic|224.0.0.1:7000|ulaw|ef) By looking at the code I noticed that it tries to replace '|' with ',' but the buffer it writes to is only allocated to 1 byte, so it crashes. It might be worth noting that I ran Asterisk on a blackfin processor under uClinux, but looking at the code I do not thing that matters. The problem is located at line 1370 in pbx/pbx_config.c where the char pointer to tempdata is allocated. It takes strlen(tempdata) instead of strlen(s) and because tempdata is set to an empty string a few lines up, this will always allocate a single byte. I've looked at the latest revision of pbx_config.c in the 1.4 branch, and the problem is still there. I've added a patch in the addition information field. By using this patch, the crash is avoided and the writeout seems to work correctly. ****** ADDITIONAL INFORMATION ****** diff -Naur a/pbx/pbx_config.c b/pbx/pbx_config.c --- a/pbx/pbx_config.c  2010-08-20 14:26:12.071124000 +0200 +++ b/pbx/pbx_config.c  2010-08-20 14:26:32.721123999 +0200 @@ -1307,7 +1307,7 @@                    s = ast_get_extension_app_data(p);                    if (s) {                        char *t; -                       tempdata = alloca(strlen(tempdata) * 2 + 1); +                       tempdata = alloca(strlen(s) * 2 + 1);                        for (t = tempdata; *s; s++, t++) {                            if (*s == '|')
Comments:	By: Paul Belanger (pabelanger) 2010-08-20 15:37:14 While only a one line fix, please upload your patch to the tracker using 'svn diff'.  It makes it easier for people to download and test. By: Leif Madsen (lmadsen) 2010-08-23 12:37:11 Your license was rejected. Please correct the issue with the license and resubmit your patch as the one submitted is no longer available for use. By: Leif Madsen (lmadsen) 2010-10-14 13:55:42 No feedback from reporter. Suspending issue.