From 1fca95b1d45f01ad13edef77cd0b04db546c8a89 Mon Sep 17 00:00:00 2001 From: Tilghman Lesher Date: Mon, 2 May 2011 19:15:46 +0000 Subject: Merged revisions 316094 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.8 ................ r316094 | tilghman | 2011-05-02 14:09:55 -0500 (Mon, 02 May 2011) | 15 lines Merged revisions 316093 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.6.2 ........ r316093 | tilghman | 2011-05-02 14:04:36 -0500 (Mon, 02 May 2011) | 8 lines More possible crashes based upon invalid inputs. (closes issue #18161) Reported by: wdoekes Patches: 20110301__issue18161.diff.txt uploaded by tilghman (license 14) Tested by: wdoekes ........ ................ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@316095 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- funcs/func_curl.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/funcs/func_curl.c b/funcs/func_curl.c index e5784652f..24f6fd923 100644 --- a/funcs/func_curl.c +++ b/funcs/func_curl.c @@ -582,6 +582,10 @@ static int acf_curl_helper(struct ast_channel *chan, const char *cmd, char *info *buf = '\0'; } + if (!str) { + return -1; + } + if (ast_strlen_zero(info)) { ast_log(LOG_WARNING, "CURL requires an argument (URL)\n"); ast_free(str); @@ -651,21 +655,22 @@ static int acf_curl_helper(struct ast_channel *chan, const char *cmd, char *info int rowcount = 0; while (fields && values && (piece = strsep(&remainder, "&"))) { char *name = strsep(&piece, "="); - if (!piece) { - piece = ""; - } /* Do this before the decode, because if something has encoded * a literal plus-sign, we don't want to translate that to a * space. */ if (hashcompat == HASHCOMPAT_LEGACY) { - ast_uri_decode(piece, ast_uri_http_legacy); + if (piece) { + ast_uri_decode(piece, ast_uri_http_legacy); + } ast_uri_decode(name, ast_uri_http_legacy); } else { - ast_uri_decode(piece, ast_uri_http); + if (piece) { + ast_uri_decode(piece, ast_uri_http); + } ast_uri_decode(name, ast_uri_http); } ast_str_append(&fields, 0, "%s%s", rowcount ? "," : "", name); - ast_str_append(&values, 0, "%s%s", rowcount ? "," : "", piece); + ast_str_append(&values, 0, "%s%s", rowcount ? "," : "", S_OR(piece, "")); rowcount++; } pbx_builtin_setvar_helper(chan, "~ODBCFIELDS~", ast_str_buffer(fields)); -- cgit v1.2.3