diff options
author | Automerge script <automerge@asterisk.org> | 2013-01-02 22:19:49 +0000 |
---|---|---|
committer | Automerge script <automerge@asterisk.org> | 2013-01-02 22:19:49 +0000 |
commit | b375abae5017c613483c6d47305c04f00dff5760 (patch) | |
tree | f0e374333db2a3de8f49908704db207fc07b39bf /addons | |
parent | 675914bb1756fada8599600e4544ddc2a8c808b1 (diff) |
Merged revisions 378374,378377,378384 via svnmerge from
file:///srv/subversion/repos/asterisk/trunk
................
r378374 | rmudgett | 2013-01-02 15:23:16 -0600 (Wed, 02 Jan 2013) | 33 lines
Fix AMI redirect action with two channels failing to redirect both channels.
The AMI redirect action can fail to redirect two channels that are bridged
together. There is a race between the AMI thread redirecting the two
channels and the bridge thread noticing that a channel is hungup from the
redirects.
* Made the bridge wait for both channels to be redirected before exiting.
* Made the AMI redirect check that all required headers are present before
proceeding with the redirection.
* Made the AMI redirect require that any supplied ExtraChannel exist
before proceeding. Previously the code fell back to a single channel
redirect operation.
(closes issue ASTERISK-18975)
Reported by: Ben Klang
(closes issue ASTERISK-19948)
Reported by: Brent Dalgleish
Patches:
jira_asterisk_19948_v11.patch (license #5621) patch uploaded by rmudgett
Tested by: rmudgett, Thomas Sevestre, Deepak Lohani, Kayode
Review: https://reviewboard.asterisk.org/r/2243/
........
Merged revisions 378356 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 378358 from http://svn.asterisk.org/svn/asterisk/branches/11
................
r378377 | mjordan | 2013-01-02 16:10:32 -0600 (Wed, 02 Jan 2013) | 24 lines
Prevent crashes from occurring when reading from data sources with large values
When reading configuration data from an Asterisk .conf file or when pulling
data from an Asterisk RealTime backend, Asterisk was copying the data on the
stack for manipulation. Unfortunately, it is possible to read configuration
data or realtime data from some data source that provides a large blob of
characters. This could potentially cause a crash via a stack overflow.
This patch prevents large sets of data from being read from an ARA backend or
from an Asterisk conf file.
(issue ASTERISK-20658)
Reported by: wdoekes
Tested by: wdoekes, mmichelson
patches:
* issueA20658_dont_process_overlong_config_lines.patch uploaded by wdoekes (license 5674)
* issueA20658_func_realtime_limit.patch uploaded by wdoekes (license 5674)
........
Merged revisions 378375 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 378376 from http://svn.asterisk.org/svn/asterisk/branches/11
................
r378384 | mjordan | 2013-01-02 16:19:32 -0600 (Wed, 02 Jan 2013) | 11 lines
Clean up app_mysql's application entry points to properly parse arguments
When parsing arguments, application entry points should not attempt to
directly modify the parameters to the function. This patch properly duplicates
the passed in parameters before attempting to parse them.
(issue ASTERISK-20658)
Reported by: wdoekes
patches:
issueA20658_sanitize_app_mysql.patch uploaded by wdoekes (license 5674)
................
git-svn-id: https://origsvn.digium.com/svn/asterisk/team/mmichelson/threadpool@378385 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'addons')
-rw-r--r-- | addons/app_mysql.c | 54 |
1 files changed, 30 insertions, 24 deletions
diff --git a/addons/app_mysql.c b/addons/app_mysql.c index dda45243b..2e1b4f4dc 100644 --- a/addons/app_mysql.c +++ b/addons/app_mysql.c @@ -292,16 +292,17 @@ static int safe_scan_int(char **data, char *delim, int def) return res; } -static int aMYSQL_set(struct ast_channel *chan, char *data) +static int aMYSQL_set(struct ast_channel *chan, const char *data) { - char *var, *tmp; + char *var, *tmp, *parse; AST_DECLARE_APP_ARGS(args, AST_APP_ARG(set); AST_APP_ARG(variable); AST_APP_ARG(value); ); - AST_NONSTANDARD_APP_ARGS(args, data, ' '); + parse = ast_strdupa(data); + AST_NONSTANDARD_APP_ARGS(args, parse, ' '); if (args.argc == 3) { var = ast_alloca(6 + strlen(args.variable) + 1); @@ -317,7 +318,7 @@ static int aMYSQL_set(struct ast_channel *chan, char *data) } /* MYSQL operations */ -static int aMYSQL_connect(struct ast_channel *chan, char *data) +static int aMYSQL_connect(struct ast_channel *chan, const char *data) { AST_DECLARE_APP_ARGS(args, AST_APP_ARG(connect); @@ -333,8 +334,9 @@ static int aMYSQL_connect(struct ast_channel *chan, char *data) const char *ctimeout; unsigned int port = 0; char *port_str; - - AST_NONSTANDARD_APP_ARGS(args, data, ' '); + char *parse = ast_strdupa(data); + + AST_NONSTANDARD_APP_ARGS(args, parse, ' '); if (args.argc < 6) { ast_log(LOG_WARNING, "MYSQL_connect is missing some arguments\n"); @@ -385,7 +387,7 @@ static int aMYSQL_connect(struct ast_channel *chan, char *data) return 0; } -static int aMYSQL_query(struct ast_channel *chan, char *data) +static int aMYSQL_query(struct ast_channel *chan, const char *data) { AST_DECLARE_APP_ARGS(args, AST_APP_ARG(query); @@ -397,8 +399,9 @@ static int aMYSQL_query(struct ast_channel *chan, char *data) MYSQL_RES *mysqlres; int connid; int mysql_query_res; + char *parse = ast_strdupa(data); - AST_NONSTANDARD_APP_ARGS(args, data, ' '); + AST_NONSTANDARD_APP_ARGS(args, parse, ' '); if (args.argc != 4 || (connid = atoi(args.connid)) == 0) { ast_log(LOG_WARNING, "missing some arguments\n"); @@ -426,7 +429,7 @@ static int aMYSQL_query(struct ast_channel *chan, char *data) return -1; } -static int aMYSQL_nextresult(struct ast_channel *chan, char *data) +static int aMYSQL_nextresult(struct ast_channel *chan, const char *data) { MYSQL *mysql; MYSQL_RES *mysqlres; @@ -436,8 +439,9 @@ static int aMYSQL_nextresult(struct ast_channel *chan, char *data) AST_APP_ARG(connid); ); int connid = -1; + char *parse = ast_strdupa(data); - AST_NONSTANDARD_APP_ARGS(args, data, ' '); + AST_NONSTANDARD_APP_ARGS(args, parse, ' '); sscanf(args.connid, "%30d", &connid); if (args.argc != 3 || connid <= 0) { @@ -466,7 +470,7 @@ static int aMYSQL_nextresult(struct ast_channel *chan, char *data) } -static int aMYSQL_fetch(struct ast_channel *chan, char *data) +static int aMYSQL_fetch(struct ast_channel *chan, const char *data) { MYSQL_RES *mysqlres; MYSQL_ROW mysqlrow; @@ -518,13 +522,14 @@ static int aMYSQL_fetch(struct ast_channel *chan, char *data) return -1; } -static int aMYSQL_clear(struct ast_channel *chan, char *data) +static int aMYSQL_clear(struct ast_channel *chan, const char *data) { MYSQL_RES *mysqlres; int id; - strsep(&data, " "); /* eat the first token, we already know it :P */ - id = safe_scan_int(&data, " \n", -1); + char *parse = ast_strdupa(data); + strsep(&parse, " "); /* eat the first token, we already know it :P */ + id = safe_scan_int(&parse, " \n", -1); if ((mysqlres = find_identifier(id, AST_MYSQL_ID_RESID)) == NULL) { ast_log(LOG_WARNING, "Invalid result identifier %d passed in aMYSQL_clear\n", id); } else { @@ -535,13 +540,14 @@ static int aMYSQL_clear(struct ast_channel *chan, char *data) return 0; } -static int aMYSQL_disconnect(struct ast_channel *chan, char *data) +static int aMYSQL_disconnect(struct ast_channel *chan, const char *data) { MYSQL *mysql; int id; - strsep(&data, " "); /* eat the first token, we already know it :P */ + char *parse = ast_strdupa(data); + strsep(&parse, " "); /* eat the first token, we already know it :P */ - id = safe_scan_int(&data, " \n", -1); + id = safe_scan_int(&parse, " \n", -1); if ((mysql = find_identifier(id, AST_MYSQL_ID_CONNID)) == NULL) { ast_log(LOG_WARNING, "Invalid connection identifier %d passed in aMYSQL_disconnect\n", id); } else { @@ -584,19 +590,19 @@ static int MYSQL_exec(struct ast_channel *chan, const char *data) ast_mutex_lock(&_mysql_mutex); if (strncasecmp("connect", data, strlen("connect")) == 0) { - result = aMYSQL_connect(chan, ast_strdupa(data)); + result = aMYSQL_connect(chan, data); } else if (strncasecmp("query", data, strlen("query")) == 0) { - result = aMYSQL_query(chan, ast_strdupa(data)); + result = aMYSQL_query(chan, data); } else if (strncasecmp("nextresult", data, strlen("nextresult")) == 0) { - result = aMYSQL_nextresult(chan, ast_strdupa(data)); + result = aMYSQL_nextresult(chan, data); } else if (strncasecmp("fetch", data, strlen("fetch")) == 0) { - result = aMYSQL_fetch(chan, ast_strdupa(data)); + result = aMYSQL_fetch(chan, data); } else if (strncasecmp("clear", data, strlen("clear")) == 0) { - result = aMYSQL_clear(chan, ast_strdupa(data)); + result = aMYSQL_clear(chan, data); } else if (strncasecmp("disconnect", data, strlen("disconnect")) == 0) { - result = aMYSQL_disconnect(chan, ast_strdupa(data)); + result = aMYSQL_disconnect(chan, data); } else if (strncasecmp("set", data, 3) == 0) { - result = aMYSQL_set(chan, ast_strdupa(data)); + result = aMYSQL_set(chan, data); } else { ast_log(LOG_WARNING, "Unknown argument to MYSQL application : %s\n", data); result = -1; |