[asterisk-bugs] [Asterisk 0015765]: Incorrect parsing of day range in pbx.c

Asterisk Bug Tracker noreply at bugs.digium.com
Sun Aug 23 21:46:04 CDT 2009 

The following issue has been SUBMITTED. 
====================================================================== 
https://issues.asterisk.org/view.php?id=15765 
====================================================================== 
Reported By:                hooi
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   15765
Category:                   Core/PBX
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     new
Asterisk Version:           1.2.X 
Regression:                 No 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!): 213789 
Request Review:              
====================================================================== 
Date Submitted:             2009-08-23 21:46 CDT
Last Modified:              2009-08-23 21:46 CDT
====================================================================== 
Summary:                    Incorrect parsing of day range in pbx.c
Description: 
The patch
http://downloads.digium.com/pub/security/AST-2009-005-1.2.diff.txt contains
incorrect sscanf format for parsing start of day and end of day in pbx.c
whereby it assumes "day" is single digit.  That is:
  sscanf(day, "%1d", &s) should be sscanf(day, "%2d", &s) [at line 4019]
and sscanf(day, "%1d", &e) should be sscanf(day, "%2d", &e) [at line
4029]

This impact on anything that uses ast_build_timing() such as GotoIfTime()
and ExecIfTime().
====================================================================== 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2009-08-23 21:46 hooi           New Issue                                    
2009-08-23 21:46 hooi           Asterisk Version          => 1.2.X           
2009-08-23 21:46 hooi           Regression                => No              
2009-08-23 21:46 hooi           SVN Branch (only for SVN checkouts, not tarball
releases) => N/A             
2009-08-23 21:46 hooi           SVN Revision (number only!) => 213789          
======================================================================

More information about the asterisk-bugs mailing list