[asterisk-bugs] [Asterisk 0015765]: Incorrect parsing of day range in pbx.c
Asterisk Bug Tracker
noreply at bugs.digium.com
Tue Aug 25 10:42:12 CDT 2009
A NOTE has been added to this issue.
======================================================================
https://issues.asterisk.org/view.php?id=15765
======================================================================
Reported By: hooi
Assigned To: lmadsen
======================================================================
Project: Asterisk
Issue ID: 15765
Category: Core/PBX
Reproducibility: always
Severity: minor
Priority: normal
Status: assigned
Asterisk Version: 1.2.X
Regression: No
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!): 213789
Request Review:
======================================================================
Date Submitted: 2009-08-23 21:46 CDT
Last Modified: 2009-08-25 10:42 CDT
======================================================================
Summary: Incorrect parsing of day range in pbx.c
Description:
The patch
http://downloads.digium.com/pub/security/AST-2009-005-1.2.diff.txt contains
incorrect sscanf format for parsing start of day and end of day in pbx.c
whereby it assumes "day" is single digit. That is:
sscanf(day, "%1d", &s) should be sscanf(day, "%2d", &s) [at line 4019]
and sscanf(day, "%1d", &e) should be sscanf(day, "%2d", &e) [at line
4029]
This impact on anything that uses ast_build_timing() such as GotoIfTime()
and ExecIfTime().
======================================================================
----------------------------------------------------------------------
(0109591) lmadsen (administrator) - 2009-08-25 10:42
https://issues.asterisk.org/view.php?id=15765#c109591
----------------------------------------------------------------------
OK!
So I just confirmed the issue. I will now test Tilghmans patch to make
sure all is well.
Issue History
Date Modified Username Field Change
======================================================================
2009-08-25 10:42 lmadsen Note Added: 0109591
======================================================================
More information about the asterisk-bugs
mailing list