[asterisk-bugs] [Asterisk 0014362]: [patch] Putting a comma in an extension dialpattern causes eventual seg fault

Asterisk Bug Tracker noreply at bugs.digium.com
Tue Feb 3 18:44:24 CST 2009 

A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=14362 
====================================================================== 
Reported By:                Nick_Lewis
Assigned To:                Corydon76
====================================================================== 
Project:                    Asterisk
Issue ID:                   14362
Category:                   Core/PBX
Reproducibility:            always
Severity:                   crash
Priority:                   normal
Status:                     ready for testing
Asterisk Version:           1.6.1-beta4 
Regression:                 No 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Request Review:              
====================================================================== 
Date Submitted:             2009-01-29 07:25 CST
Last Modified:              2009-02-03 18:44 CST
====================================================================== 
Summary:                    [patch] Putting a comma in an extension dialpattern
causes eventual seg fault
Description: 
If there is erroneously a comma in an extension dialpattern such as 

_9[1-3,5-9]. 

this leads some time later to a segmentation fault by various *s2=???
assignments in add_exten_to_pattern_tree() of pbx.c

There looks to be a string-unbounded while loop causing it 
====================================================================== 

---------------------------------------------------------------------- 
 (0099384) svnbot (reporter) - 2009-02-03 18:44
 http://bugs.digium.com/view.php?id=14362#c99384 
---------------------------------------------------------------------- 
Repository: asterisk
Revision: 173311

U   trunk/main/pbx.c
U   trunk/pbx/pbx_config.c

------------------------------------------------------------------------
r173311 | tilghman | 2009-02-03 18:44:24 -0600 (Tue, 03 Feb 2009) | 10
lines

Ensure that commas placed in the middle of extension character classes do
not
interfere with correct parsing of the extension.  Also, if an unterminated
character class DOES make its way into the pbx core (through some other
method), ensure that it does not crash Asterisk.
(closes issue http://bugs.digium.com/view.php?id=14362)
 Reported by: Nick_Lewis
 Patches: 
       20090129__bug14362.diff.txt uploaded by Corydon76 (license 14)
 Tested by: Corydon76

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=173311 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2009-02-03 18:44 svnbot         Checkin                                      
2009-02-03 18:44 svnbot         Note Added: 0099384                          
======================================================================

More information about the asterisk-bugs mailing list