ARI: Fix crash if integer values used in JSON payload 'variables' object.

Sending the following ARI commands caused Asterisk to crash if the JSON body 'variables' object passes values of types other than strings. POST /ari/channels POST /ari/channels/{channelid} PUT /ari/endpoints/sendMessage PUT /ari/endpoints/{tech}/{resource}/sendMessage * Eliminated RAII_VAR usage in ast_ari_channels_originate_with_id(), ast_ari_channels_originate(), ast_ari_endpoints_send_message(), and ast_ari_endpoints_send_message_to_endpoint(). ASTERISK-24751 #close Reported by: jeffrey putnam Review: https://reviewboard.asterisk.org/r/4447/ ........ Merged revisions 432404 from http://svn.asterisk.org/svn/asterisk/branches/13 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@432405 65c4cc65-6c06-0410-ace0-fbb531ad65f3
author: Richard Mudgett <rmudgett@digium.com> 2015-02-27 18:31:31 +0000
committer: Richard Mudgett <rmudgett@digium.com> 2015-02-27 18:31:31 +0000
commit: 9e841e4fb62f072f26f076bd4dd2a8eebe7a9e75 (patch)
tree: e0040f22d288c44f53089f95868540264a5689fe /main
parent: d79670b2694c22ab078e029a6a3b7e066d6ae531 (diff)
1 files changed, 22 insertions, 7 deletions
diff --git a/main/json.c b/main/json.c
index 88e807772..35e6f16ce 100644
--- a/main/json.c
+++ b/main/json.c
@@ -882,32 +882,47 @@ struct ast_json *ast_json_party_id(struct ast_party_id *party)
 	return ast_json_ref(json_party_id);
 }
 
-int ast_json_to_ast_variables(struct ast_json *json_variables, struct ast_variable **variables)
+enum ast_json_to_ast_vars_code ast_json_to_ast_variables(struct ast_json *json_variables, struct ast_variable **variables)
 {
 	struct ast_json_iter *it_json_var;
 
 	*variables = NULL;
 
 	for (it_json_var = ast_json_object_iter(json_variables); it_json_var;
-		 it_json_var = ast_json_object_iter_next(json_variables, it_json_var)) {
+		it_json_var = ast_json_object_iter_next(json_variables, it_json_var)) {
 		struct ast_variable *new_var;
 		const char *key = ast_json_object_iter_key(it_json_var);
+		const char *value;
+		struct ast_json *json_value;
 
 		if (ast_strlen_zero(key)) {
 			continue;
 		}
 
-		new_var = ast_variable_new(key,
-		                           ast_json_string_get(ast_json_object_iter_value(it_json_var)),
-		                           "");
+		json_value = ast_json_object_iter_value(it_json_var);
+		if (ast_json_typeof(json_value) != AST_JSON_STRING) {
+			/* Error: Only strings allowed */
+			ast_variables_destroy(*variables);
+			*variables = NULL;
+			return AST_JSON_TO_AST_VARS_CODE_INVALID_TYPE;
+		}
+		value = ast_json_string_get(json_value);
+		/* Should never be NULL.  Otherwise, how could it be a string type? */
+		ast_assert(value != NULL);
+		if (!value) {
+			/* To be safe. */
+			continue;
+		}
+		new_var = ast_variable_new(key, value, "");
 		if (!new_var) {
+			/* Error: OOM */
 			ast_variables_destroy(*variables);
 			*variables = NULL;
-			return -1;
+			return AST_JSON_TO_AST_VARS_CODE_OOM;
 		}
 
 		ast_variable_list_append(variables, new_var);
 	}
 
-	return 0;
+	return AST_JSON_TO_AST_VARS_CODE_SUCCESS;
 }
author	Richard Mudgett <rmudgett@digium.com>	2015-02-27 18:31:31 +0000
committer	Richard Mudgett <rmudgett@digium.com>	2015-02-27 18:31:31 +0000
commit	9e841e4fb62f072f26f076bd4dd2a8eebe7a9e75 (patch)
tree	e0040f22d288c44f53089f95868540264a5689fe /main
parent	d79670b2694c22ab078e029a6a3b7e066d6ae531 (diff)