Summary:ASTERISK-16598: [patch] 'dialplan save' crash when '|' (pipe) is used. Patch included.
Reporter:knutant (knutant)Labels:
Date Opened:2010-08-20 07:39:56Date Closed:2011-06-07 14:00:20
Versions:Frequency of
Environment:Attachments:( 0) dialplan-save-fix-svn.patch
Description:I was trying out the 'dialplan save' call from the asterisk CLI and it crashed when trying to write out this line (which it had already read from extensions.conf on startup):

exten => 1234,1,RTPPage(basic||ulaw|ef)

By looking at the code I noticed that it tries to replace '|' with ',' but the buffer it writes to is only allocated to 1 byte, so it crashes. It might be worth noting that I ran Asterisk on a blackfin processor under uClinux, but looking at the code I do not thing that matters.

The problem is located at line 1370 in pbx/pbx_config.c where the char pointer to tempdata is allocated. It takes strlen(tempdata) instead of strlen(s) and because tempdata is set to an empty string a few lines up, this will always allocate a single byte.

I've looked at the latest revision of pbx_config.c in the 1.4 branch, and the problem is still there. I've added a patch in the addition information field. By using this patch, the crash is avoided and the writeout seems to work correctly.


diff -Naur a/pbx/pbx_config.c b/pbx/pbx_config.c
--- a/pbx/pbx_config.c  2010-08-20 14:26:12.071124000 +0200
+++ b/pbx/pbx_config.c  2010-08-20 14:26:32.721123999 +0200
@@ -1307,7 +1307,7 @@
                   s = ast_get_extension_app_data(p);
                   if (s) {
                       char *t;
-                       tempdata = alloca(strlen(tempdata) * 2 + 1);
+                       tempdata = alloca(strlen(s) * 2 + 1);

                       for (t = tempdata; *s; s++, t++) {
                           if (*s == '|')
Comments:By: Paul Belanger (pabelanger) 2010-08-20 15:37:14

While only a one line fix, please upload your patch to the tracker using 'svn diff'.  It makes it easier for people to download and test.

By: Leif Madsen (lmadsen) 2010-08-23 12:37:11

Your license was rejected. Please correct the issue with the license and resubmit your patch as the one submitted is no longer available for use.

By: Leif Madsen (lmadsen) 2010-10-14 13:55:42

No feedback from reporter. Suspending issue.