From 3c54328c572968a2e8e43257e1e521069a78379a Mon Sep 17 00:00:00 2001 From: Richard Mudgett Date: Wed, 12 Oct 2016 16:24:14 -0500 Subject: Audit ast_json_pack() calls for needed UTF-8 checks. Added needed UTF-8 checks before constructing json objects in various files for strings obtained outside the system. In this case string values from a channel driver's peer and not from the user setting channel variables. * aoc.c: Fixed type mismatch in s_to_json() for time and granularity json object construction. ASTERISK-26466 Reported by: Richard Mudgett Change-Id: Iac2d867fa598daba5c5dbc619b5464625a7f2096 --- apps/app_fax.c | 14 +++++++------- apps/app_queue.c | 12 ++++++------ main/aoc.c | 17 ++++++++--------- main/cel.c | 4 ++-- res/res_fax.c | 12 +++++++----- res/stasis/app.c | 2 +- 6 files changed, 31 insertions(+), 30 deletions(-) diff --git a/apps/app_fax.c b/apps/app_fax.c index 88aa6ad1a..e2a7c2a4c 100644 --- a/apps/app_fax.c +++ b/apps/app_fax.c @@ -262,13 +262,13 @@ static void phase_e_handler(t30_state_t *f, void *user_data, int result) } ast_json_ref(json_filenames); json_object = ast_json_pack("{s: s, s: s, s: s, s: i, s: i, s: i, s: o}", - "type", s->direction ? "send" : "receive", - "remote_station_id", far_ident, - "local_station_id", local_ident, - "fax_pages", pages_transferred, - "fax_resolution", stat.y_resolution, - "fax_bitrate", stat.bit_rate, - "filenames", json_filenames); + "type", s->direction ? "send" : "receive", + "remote_station_id", AST_JSON_UTF8_VALIDATE(far_ident), + "local_station_id", AST_JSON_UTF8_VALIDATE(local_ident), + "fax_pages", pages_transferred, + "fax_resolution", stat.y_resolution, + "fax_bitrate", stat.bit_rate, + "filenames", json_filenames); message = ast_channel_blob_create_from_cache(ast_channel_uniqueid(s->chan), ast_channel_fax_type(), json_object); if (!message) { return; diff --git a/apps/app_queue.c b/apps/app_queue.c index 45b5683ed..104f3e4f0 100644 --- a/apps/app_queue.c +++ b/apps/app_queue.c 
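Review bot: The `AST_JSON_UTF8_VALIDATE(far_ident)` and `AST_JSON_UTF8_VALIDATE(local_ident)` arguments appear to swap a non-UTF-8 value for an empty string (the macro's definition is not shown here), so the published fax event gives no sign that the far end sent a malformed station id. Because `far_ident` comes from the remote side, I would record the rejection before the pack call without echoing the raw bytes, e.g. `if (!ast_json_utf8_check(far_ident)) { ast_log(LOG_WARNING, "Dropping non-UTF-8 remote station id from fax event\n"); }`. The same silent substitution applies to the `AST_JSON_UTF8_VALIDATE` calls in the main/aoc.c, res/res_fax.c and res/stasis/app.c hunks. phase_e_handler starts and ends outside this hunk, so where the two ident strings are filled in is not visible.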
@@ -5616,12 +5616,12 @@ static void send_agent_complete(const char *queuename, struct ast_channel_snapsh } blob = ast_json_pack("{s: s, s: s, s: s, s: i, s: i, s: s}", - "Queue", queuename, - "Interface", member->interface, - "MemberName", member->membername, - "HoldTime", (long)(callstart - holdstart), - "TalkTime", (long)(time(NULL) - callstart), - "Reason", reason); + "Queue", queuename, + "Interface", member->interface, + "MemberName", member->membername, + "HoldTime", (long)(callstart - holdstart), + "TalkTime", (long)(time(NULL) - callstart), + "Reason", reason ?: ""); queue_publish_multi_channel_snapshot_blob(ast_queue_topic(queuename), caller, peer, queue_agent_complete_type(), blob); diff --git a/main/aoc.c b/main/aoc.c index 4ab931536..6c518765c 100644 --- a/main/aoc.c +++ b/main/aoc.c @@ -1656,8 +1656,10 @@ static struct ast_json *units_to_json(const struct ast_aoc_decoded *decoded) static struct ast_json *currency_to_json(const char *name, int cost, enum ast_aoc_currency_multiplier mult) { - return ast_json_pack("{s:s, s:i, s:s}", "Name", name, - "Cost", cost, "Multiplier", aoc_multiplier_str(mult)); + return ast_json_pack("{s:s, s:i, s:s}", + "Name", AST_JSON_UTF8_VALIDATE(name), + "Cost", cost, + "Multiplier", aoc_multiplier_str(mult)); } static struct ast_json *charge_to_json(const struct ast_aoc_decoded *decoded) @@ -1692,9 +1694,8 @@ static struct ast_json *association_to_json(const struct ast_aoc_decoded *decode { switch (decoded->charging_association.charging_type) { case AST_AOC_CHARGING_ASSOCIATION_NUMBER: - return ast_json_pack( - "{s:s, s:i}", - "Number", decoded->charging_association.charge.number.number, + return ast_json_pack("{s:s, s:i}", + "Number", AST_JSON_UTF8_VALIDATE(decoded->charging_association.charge.number.number), "Plan", decoded->charging_association.charge.number.plan); case AST_AOC_CHARGING_ASSOCIATION_ID: return ast_json_pack( 
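Review bot: `HoldTime` and `TalkTime` are still passed as `long` while the format string declares both as `i`, which reads an `int` from the varargs if ast_json_pack follows the jansson pack format. On LP64 targets that is a type mismatch of the same kind this commit fixes in main/aoc.c. Either cast to the declared type, `"HoldTime", (int)(callstart - holdstart),` and `"TalkTime", (int)(time(NULL) - callstart),`, or switch both specifiers to the wide-integer form with a matching cast. send_agent_complete's body continues outside the hunk.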
@@ -1740,14 +1741,12 @@ static struct ast_json *s_to_json(const struct ast_aoc_decoded *decoded) decoded->aoc_s_entries[i].rate.duration.amount, decoded->aoc_s_entries[i].rate.duration.multiplier); - time = ast_json_pack( - "{s:i, s:s}", + time = ast_json_pack("{s:i, s:i}", "Length", decoded->aoc_s_entries[i].rate.duration.time, "Scale", decoded->aoc_s_entries[i].rate.duration.time_scale); if (decoded->aoc_s_entries[i].rate.duration.granularity_time) { - granularity = ast_json_pack( - "{s:i, s:s}", + granularity = ast_json_pack("{s:i, s:i}", "Length", decoded->aoc_s_entries[i].rate.duration.granularity_time, "Scale", decoded->aoc_s_entries[i].rate.duration.granularity_time_scale); } diff --git a/main/cel.c b/main/cel.c index 4abaac7c8..0cdf1be00 100644 --- a/main/cel.c +++ b/main/cel.c @@ -1237,10 +1237,10 @@ static void cel_parking_cb( if (parked_payload->retriever) { extra = ast_json_pack("{s: s, s: s}", - "reason", reason, + "reason", reason ?: "", "retriever", parked_payload->retriever->name); } else { - extra = ast_json_pack("{s: s}", "reason", reason); + extra = ast_json_pack("{s: s}", "reason", reason ?: ""); } if (extra) { diff --git a/res/res_fax.c b/res/res_fax.c index ab0945a89..666c2d997 100644 --- a/res/res_fax.c +++ b/res/res_fax.c @@ -1415,11 +1415,13 @@ static int report_fax_status(struct ast_channel *chan, struct ast_fax_session_de } json_object = ast_json_pack("{s: s, s: s, s: s, s: s, s: o}", - "type", "status", - "operation", (details->caps & AST_FAX_TECH_GATEWAY) ? "gateway" : (details->caps & AST_FAX_TECH_RECEIVE) ? "receive" : "send", - "status", status, - "local_station_id", details->localstationid, - "filenames", json_filenames); + "type", "status", + "operation", (details->caps & AST_FAX_TECH_GATEWAY) + ? "gateway" + : (details->caps & AST_FAX_TECH_RECEIVE) ? "receive" : "send", + "status", status, + "local_station_id", AST_JSON_UTF8_VALIDATE(details->localstationid), + "filenames", json_filenames); if (!json_object) { return -1; } 
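Review bot: In the s_to_json hunk, `Scale` is now packed with `i` for both `time_scale` and `granularity_time_scale`, so the JSON carries the raw numeric value rather than a name. A consumer cannot interpret it without the enum definition, and the meaning shifts if the enum is ever reordered. A comment above the two calls would pin the contract down, e.g. `/* Scale is the numeric time-scale enum value, not a string */`, or the value could go through a name-mapping helper the way `Multiplier` does via `aoc_multiplier_str()` in currency_to_json. The member types are not visible in this hunk, so this assumes both scale fields are integer-typed; s_to_json's loop starts and ends outside the hunk.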
diff --git a/res/stasis/app.c b/res/stasis/app.c index 4e18aa5ae..957ed7f69 100644 --- a/res/stasis/app.c +++ b/res/stasis/app.c @@ -456,7 +456,7 @@ static struct ast_json *channel_dialplan( "type", "ChannelDialplan", "timestamp", ast_json_timeval(*tv, NULL), "dialplan_app", new_snapshot->appl, - "dialplan_app_data", new_snapshot->data, + "dialplan_app_data", AST_JSON_UTF8_VALIDATE(new_snapshot->data), "channel", json_channel); } -- cgit v1.2.3