From e31cb6b2484bbf5726c59b263f13b995e60d537d Mon Sep 17 00:00:00 2001 From: Richard Mudgett Date: Wed, 15 Jul 2015 15:40:32 -0500 Subject: strings.h: Fix issues with escape string functions. Fixes for issues with the ASTERISK-24934 patch. * Fixed ast_escape_alloc() and ast_escape_c_alloc() if the s parameter is an empty string. If it were an empty string the functions returned NULL as if there were a memory allocation failure. This failure caused the AMI VarSet event to not get posted if the new value was an empty string. * Fixed dest buffer overwrite potential in ast_escape() and ast_escape_c(). If the dest buffer size is smaller than the space needed by the escaped s parameter string then the dest buffer would be written beyond the end by the nul string terminator. The num parameter was really the dest buffer size parameter so I renamed it to size. * Made nul terminate the dest buffer if the source string parameter s was an empty string in ast_escape() and ast_escape_c(). * Updated ast_escape() and ast_escape_c() doxygen function description comments to reflect reality. * Added some more unit test cases to /main/strings/escape to cover the empty source string issues. ASTERISK-25255 #close Reported by: Richard Mudgett Change-Id: Id77fc704600ebcce81615c1200296f74de254104 --- include/asterisk/strings.h | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) (limited to 'include') diff --git a/include/asterisk/strings.h b/include/asterisk/strings.h index d361293d0..af5ae6c55 100644 --- a/include/asterisk/strings.h +++ b/include/asterisk/strings.h @@ -312,32 +312,33 @@ char *ast_unescape_c(char *s); /*! * \brief Escape the 'to_escape' characters in the given string. * - * \note The given output buffer has to have enough memory allocated to store the - * original string plus any escaped values. + * \note The given output buffer will contain a truncated escaped + * version of the source string if the given buffer is not large + * enough. * * \param dest the escaped string * \param s the source string to escape - * \param num number of characters to be copied from the source + * \param size The size of the destination buffer * \param to_escape an array of characters to escape * * \return Pointer to the destination. */ -char* ast_escape(char *dest, const char *s, size_t num, const char *to_escape); +char *ast_escape(char *dest, const char *s, size_t size, const char *to_escape); /*! * \brief Escape standard 'C' sequences in the given string. * - * \note The given output buffer has to have enough memory allocated to store the - * original string plus any escaped values. + * \note The given output buffer will contain a truncated escaped + * version of the source string if the given buffer is not large + * enough. * * \param dest the escaped string * \param s the source string to escape - * \param num number of characters to be copied from the source - * \param to_escape an array of characters to escape + * \param size The size of the destination buffer * * \return Pointer to the escaped string. */ -char* ast_escape_c(char *dest, const char *s, size_t num); +char *ast_escape_c(char *dest, const char *s, size_t size); /*! * \brief Escape the 'to_escape' characters in the given string. -- cgit v1.2.3