From 3c54328c572968a2e8e43257e1e521069a78379a Mon Sep 17 00:00:00 2001 From: Richard Mudgett Date: Wed, 12 Oct 2016 16:24:14 -0500 Subject: Audit ast_json_pack() calls for needed UTF-8 checks. Added needed UTF-8 checks before constructing json objects in various files for strings obtained outside the system. In this case string values from a channel driver's peer and not from the user setting channel variables. * aoc.c: Fixed type mismatch in s_to_json() for time and granularity json object construction. ASTERISK-26466 Reported by: Richard Mudgett Change-Id: Iac2d867fa598daba5c5dbc619b5464625a7f2096 --- apps/app_fax.c | 14 +++++++------- apps/app_queue.c | 12 ++++++------ 2 files changed, 13 insertions(+), 13 deletions(-) (limited to 'apps') diff --git a/apps/app_fax.c b/apps/app_fax.c index 88aa6ad1a..e2a7c2a4c 100644 --- a/apps/app_fax.c +++ b/apps/app_fax.c @@ -262,13 +262,13 @@ static void phase_e_handler(t30_state_t *f, void *user_data, int result) } ast_json_ref(json_filenames); json_object = ast_json_pack("{s: s, s: s, s: s, s: i, s: i, s: i, s: o}", - "type", s->direction ? "send" : "receive", - "remote_station_id", far_ident, - "local_station_id", local_ident, - "fax_pages", pages_transferred, - "fax_resolution", stat.y_resolution, - "fax_bitrate", stat.bit_rate, - "filenames", json_filenames); + "type", s->direction ? "send" : "receive", + "remote_station_id", AST_JSON_UTF8_VALIDATE(far_ident), + "local_station_id", AST_JSON_UTF8_VALIDATE(local_ident), + "fax_pages", pages_transferred, + "fax_resolution", stat.y_resolution, + "fax_bitrate", stat.bit_rate, + "filenames", json_filenames); message = ast_channel_blob_create_from_cache(ast_channel_uniqueid(s->chan), ast_channel_fax_type(), json_object); if (!message) { return; diff --git a/apps/app_queue.c b/apps/app_queue.c index 45b5683ed..104f3e4f0 100644 --- a/apps/app_queue.c +++ b/apps/app_queue.c @@ -5616,12 +5616,12 @@ static void send_agent_complete(const char *queuename, struct ast_channel_snapsh } blob = ast_json_pack("{s: s, s: s, s: s, s: i, s: i, s: s}", - "Queue", queuename, - "Interface", member->interface, - "MemberName", member->membername, - "HoldTime", (long)(callstart - holdstart), - "TalkTime", (long)(time(NULL) - callstart), - "Reason", reason); + "Queue", queuename, + "Interface", member->interface, + "MemberName", member->membername, + "HoldTime", (long)(callstart - holdstart), + "TalkTime", (long)(time(NULL) - callstart), + "Reason", reason ?: ""); queue_publish_multi_channel_snapshot_blob(ast_queue_topic(queuename), caller, peer, queue_agent_complete_type(), blob); -- cgit v1.2.3