From f90021fdd0e95b4d6d857189573144f5ffa85240 Mon Sep 17 00:00:00 2001 From: Tilghman Lesher Date: Wed, 4 Feb 2009 00:43:52 +0000 Subject: Ensure that commas placed in the middle of extension character classes do not interfere with correct parsing of the extension. Also, if an unterminated character class DOES make its way into the pbx core (through some other method), ensure that it does not crash Asterisk. (closes issue #14362) Reported by: Nick_Lewis Patches: 20090129__bug14362.diff.txt uploaded by Corydon76 (license 14) Tested by: Corydon76 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@173311 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- pbx/pbx_config.c | 32 +++++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) (limited to 'pbx/pbx_config.c') diff --git a/pbx/pbx_config.c b/pbx/pbx_config.c index 64c99b500..6d29a3f32 100644 --- a/pbx/pbx_config.c +++ b/pbx/pbx_config.c @@ -1403,6 +1403,36 @@ static int unload_module(void) return 0; } +/*!\note Protect against misparsing based upon commas in the middle of fields + * like character classes. We've taken steps to permit pretty much every other + * printable character in a character class, so properly handling a comma at + * this level is a natural extension. This is almost like the standard + * application parser in app.c, except that it handles square brackets. */ +static char *pbx_strsep(char **destructible, const char *delim) +{ + int square = 0; + char *res = *destructible; + for (; destructible && *destructible && **destructible; (*destructible)++) { + if (**destructible == '[' && !strchr(delim, '[')) { + square++; + } else if (**destructible == ']' && !strchr(delim, ']')) { + if (square) { + square--; + } + } else if (**destructible == '\\' && !strchr(delim, '\\')) { + (*destructible)++; + } else if (strchr(delim, **destructible) && !square) { + **destructible = '\0'; + (*destructible)++; + break; + } + } + if (destructible && *destructible && **destructible == '\0') { + *destructible = NULL; + } + return res; +} + static int pbx_load_config(const char *config_file) { struct ast_config *cfg; @@ -1488,7 +1518,7 @@ static int pbx_load_config(const char *config_file) continue; } - ext = S_OR(strsep(&stringp, ","), ""); + ext = S_OR(pbx_strsep(&stringp, ","), ""); pbx_substitute_variables_helper(NULL, ext, realext, sizeof(realext) - 1); ast_copy_string(lastextension, realext, sizeof(lastextension)); process_extension: -- cgit v1.2.3