From 3c54328c572968a2e8e43257e1e521069a78379a Mon Sep 17 00:00:00 2001 From: Richard Mudgett Date: Wed, 12 Oct 2016 16:24:14 -0500 Subject: Audit ast_json_pack() calls for needed UTF-8 checks. Added needed UTF-8 checks before constructing json objects in various files for strings obtained outside the system. In this case string values from a channel driver's peer and not from the user setting channel variables. * aoc.c: Fixed type mismatch in s_to_json() for time and granularity json object construction. ASTERISK-26466 Reported by: Richard Mudgett Change-Id: Iac2d867fa598daba5c5dbc619b5464625a7f2096 --- res/res_fax.c | 12 +++++++----- res/stasis/app.c | 2 +- 2 files changed, 8 insertions(+), 6 deletions(-) (limited to 'res') diff --git a/res/res_fax.c b/res/res_fax.c index ab0945a89..666c2d997 100644 --- a/res/res_fax.c +++ b/res/res_fax.c @@ -1415,11 +1415,13 @@ static int report_fax_status(struct ast_channel *chan, struct ast_fax_session_de } json_object = ast_json_pack("{s: s, s: s, s: s, s: s, s: o}", - "type", "status", - "operation", (details->caps & AST_FAX_TECH_GATEWAY) ? "gateway" : (details->caps & AST_FAX_TECH_RECEIVE) ? "receive" : "send", - "status", status, - "local_station_id", details->localstationid, - "filenames", json_filenames); + "type", "status", + "operation", (details->caps & AST_FAX_TECH_GATEWAY) + ? "gateway" + : (details->caps & AST_FAX_TECH_RECEIVE) ? "receive" : "send", + "status", status, + "local_station_id", AST_JSON_UTF8_VALIDATE(details->localstationid), + "filenames", json_filenames); if (!json_object) { return -1; } diff --git a/res/stasis/app.c b/res/stasis/app.c index 4e18aa5ae..957ed7f69 100644 --- a/res/stasis/app.c +++ b/res/stasis/app.c @@ -456,7 +456,7 @@ static struct ast_json *channel_dialplan( "type", "ChannelDialplan", "timestamp", ast_json_timeval(*tv, NULL), "dialplan_app", new_snapshot->appl, - "dialplan_app_data", new_snapshot->data, + "dialplan_app_data", AST_JSON_UTF8_VALIDATE(new_snapshot->data), "channel", json_channel); } -- cgit v1.2.3