Summary: | ASTERISK-16598: [patch] 'dialplan save' crash when '|' (pipe) is used. Patch included. | ||
Reporter: | knutant (knutant) | Labels: | |
Date Opened: | 2010-08-20 07:39:56 | Date Closed: | 2011-06-07 14:00:20 |
Priority: | Critical | Regression? | No |
Status: | Closed/Complete | Components: | PBX/pbx_config |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ( 0) dialplan-save-fix-svn.patch | |
Description: | I was trying out the 'dialplan save' call from the asterisk CLI and it crashed when trying to write out this line (which it had already read from extensions.conf on startup): exten => 1234,1,RTPPage(basic|224.0.0.1:7000|ulaw|ef) By looking at the code I noticed that it tries to replace '|' with ',' but the buffer it writes to is only allocated to 1 byte, so it crashes. It might be worth noting that I ran Asterisk on a blackfin processor under uClinux, but looking at the code I do not thing that matters. The problem is located at line 1370 in pbx/pbx_config.c where the char pointer to tempdata is allocated. It takes strlen(tempdata) instead of strlen(s) and because tempdata is set to an empty string a few lines up, this will always allocate a single byte. I've looked at the latest revision of pbx_config.c in the 1.4 branch, and the problem is still there. I've added a patch in the addition information field. By using this patch, the crash is avoided and the writeout seems to work correctly. ****** ADDITIONAL INFORMATION ****** diff -Naur a/pbx/pbx_config.c b/pbx/pbx_config.c --- a/pbx/pbx_config.c 2010-08-20 14:26:12.071124000 +0200 +++ b/pbx/pbx_config.c 2010-08-20 14:26:32.721123999 +0200 @@ -1307,7 +1307,7 @@ s = ast_get_extension_app_data(p); if (s) { char *t; - tempdata = alloca(strlen(tempdata) * 2 + 1); + tempdata = alloca(strlen(s) * 2 + 1); for (t = tempdata; *s; s++, t++) { if (*s == '|') | ||
Comments: | By: Paul Belanger (pabelanger) 2010-08-20 15:37:14 While only a one line fix, please upload your patch to the tracker using 'svn diff'. It makes it easier for people to download and test. By: Leif Madsen (lmadsen) 2010-08-23 12:37:11 Your license was rejected. Please correct the issue with the license and resubmit your patch as the one submitted is no longer available for use. By: Leif Madsen (lmadsen) 2010-10-14 13:55:42 No feedback from reporter. Suspending issue. |