From 80822297d4f9f52aeb02ecca2c1da1a3f840c419 Mon Sep 17 00:00:00 2001
From: Richard Mudgett <rmudgett@digium.com>
Date: Wed, 24 Jun 2009 21:08:55 +0000
Subject: Merged revisions 203036 via svnmerge from
 https://origsvn.digium.com/svn/asterisk/branches/1.4

........
  r203036 | rmudgett | 2009-06-24 16:01:43 -0500 (Wed, 24 Jun 2009) | 8 lines

  Improved chan_dahdi.conf pritimer error checking.

  Valid format is: pritimer=timer_name,timer_value

  *  Fixed segfault if the ',' is missing.
  *  Completely check the range returned by pri_timer2idx() to prevent
  possible access outside array bounds.
........


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@203037 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 channels/chan_dahdi.c | 36 ++++++++++++++++++++++++------------
 1 file changed, 24 insertions(+), 12 deletions(-)

diff --git a/channels/chan_dahdi.c b/channels/chan_dahdi.c
index 2a09635d6..765eb19d6 100644
--- a/channels/chan_dahdi.c
+++ b/channels/chan_dahdi.c
@@ -18220,22 +18220,34 @@ static int process_dahdi(struct dahdi_chan_conf *confp, const char *cat, struct
 #endif
 			} else if (!strcasecmp(v->name, "pritimer")) {
 #ifdef PRI_GETSET_TIMERS
-				char tmp[20], *timerc, *c = tmp;
-				int timer, timeridx;
+				char tmp[20];
+				char *timerc;
+				char *c;
+				int timer;
+				int timeridx;
+
 				ast_copy_string(tmp, v->value, sizeof(tmp));
+				c = tmp;
 				timerc = strsep(&c, ",");
-				if (timerc) {
+				if (!ast_strlen_zero(timerc) && !ast_strlen_zero(c)) {
+					timeridx = pri_timer2idx(timerc);
 					timer = atoi(c);
-					if (!timer)
-						ast_log(LOG_WARNING, "'%s' is not a valid value for an ISDN timer at line %d.\n", timerc, v->lineno);
-					else {
-						if ((timeridx = pri_timer2idx(timerc)) >= 0)
-							pritimers[timeridx] = timer;
-						else
-							ast_log(LOG_WARNING, "'%s' is not a valid ISDN timer at line %d.\n", timerc, v->lineno);
+					if (timeridx < 0 || PRI_MAX_TIMERS <= timeridx) {
+						ast_log(LOG_WARNING,
+							"'%s' is not a valid ISDN timer at line %d.\n", timerc,
+							v->lineno);
+					} else if (!timer) {
+						ast_log(LOG_WARNING,
+							"'%s' is not a valid value for ISDN timer '%s' at line %d.\n",
+							c, timerc, v->lineno);
+					} else {
+						pritimers[timeridx] = timer;
 					}
-				} else
-					ast_log(LOG_WARNING, "'%s' is not a valid ISDN timer configuration string at line %d.\n", v->value, v->lineno);
+				} else {
+					ast_log(LOG_WARNING,
+						"'%s' is not a valid ISDN timer configuration string at line %d.\n",
+						v->value, v->lineno);
+				}
 #endif /* PRI_GETSET_TIMERS */
 			} else if (!strcasecmp(v->name, "facilityenable")) {
 				confp->pri.facilityenable = ast_true(v->value);
-- 
cgit v1.2.3