[asterisk-bugs] [Asterisk 0014217]: [patch] app_page causes undefined behavior when paging a page group with more than 128 extensions

Asterisk Bug Tracker noreply at bugs.digium.com
Mon Jan 12 10:09:02 CST 2009


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=14217 
====================================================================== 
Reported By:                a_villacis
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   14217
Category:                   Applications/app_page
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     new
Asterisk Version:           1.4.22 
Regression:                 No 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             2009-01-12 10:06 CST
Last Modified:              2009-01-12 10:09 CST
====================================================================== 
Summary:                    [patch] app_page causes undefined behavior when
paging a page group with more than 128 extensions
Description: 
When defining a paging group, if this group has more than 128 extensions,
an attempt to ring this paging group causes *all* calls (including those
belonging to extensions not part of the group) to be hung up. Analysis of
the root problem shows that a range of undefined behaviors can occur, up to
and including the crash of the Asterisk server.
====================================================================== 

---------------------------------------------------------------------- 
 (0097493) a_villacis (reporter) - 2009-01-12 10:09
 http://bugs.digium.com/view.php?id=14217#c97493 
---------------------------------------------------------------------- 
We at Palosanto Solutions have been shipping our Asterisk build with this
patch applied, but I consider this patch should be reviewed and possibly
merged upstream, for both 1.4.x and 1.6.x series of Asterisk. 

The attached patch (20080912-asterisk-app_page-fix-buffer-overflow.patch)
fixes both identified issues. This patch counts the number of extensions in
the list and dynamically allocates enough memory for the actual number of
extensions in the page group. As a side effect, the MAX_PAGE limit is now
removed and the extension list can be arbitrarily long, memory permitting.
Also the array positions are initialized to NULL before context allocation
and checked for NULL on cleanup.


* apps/app_page.c
- Fix buffer overflow caused by attempts to define a page group with more
than 128 extensions.
- Fix potential invalid memory access on cleanup of a dialing structure
through an uninitialized pointer after failure to create at least one
dialing structure. 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2009-01-12 10:09 a_villacis     Note Added: 0097493                          
======================================================================
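
The fix pattern described in the note above (count the entries, allocate for the actual count, set every slot to NULL first, skip NULL slots on cleanup), as an added example. This is not the attached patch and not Asterisk code: struct dial_ctx, count_targets, build_dials, free_dials and page_demo are hypothetical names, and the '&' separator and the "x" target names are assumptions of the example.

```c
#include <stdlib.h>
#include <string.h>

struct dial_ctx { char *target; };  /* hypothetical per-extension dialing context */

/* Count '&'-separated targets (separator assumed); an empty list has none. */
static size_t count_targets(const char *list) {
    size_t n = (*list != '\0');
    while (*list) n += (*list++ == '&');
    return n;
}

/* Cleanup that tolerates unfilled slots: NULL entries are skipped. */
static void free_dials(struct dial_ctx **dials, size_t n) {
    for (size_t i = 0; dials && i < n; i++)
        if (dials[i]) { free(dials[i]->target); free(dials[i]); }
    free(dials);
}

/* Array sized from the real count, no fixed cap; fail_at simulates a failed allocation. */
static struct dial_ctx **build_dials(const char *list, size_t *count, size_t fail_at) {
    size_t n = *count = count_targets(list);
    struct dial_ctx **dials = calloc(n ? n : 1, sizeof(*dials));
    for (size_t i = 0; dials && i < n; i++) dials[i] = NULL;  /* NULL before use */
    for (size_t i = 0; dials && i < n; i++) {
        size_t len = strcspn(list, "&");
        if (i != fail_at) dials[i] = calloc(1, sizeof(**dials));
        if (!dials[i] || !(dials[i]->target = calloc(1, len + 1))) {
            free_dials(dials, n);   /* slots after i are still NULL */
            return NULL;
        }
        memcpy(dials[i]->target, list, len);  /* calloc left the terminator in place */
        list += len + (list[len] == '&');
    }
    return dials;
}

/* Constructed input: n targets "x" joined by '&'. Returns contexts built or -1. */
static long page_demo(size_t n, size_t fail_at) {
    size_t made = 0;
    char *list = malloc(2 * n + 1);
    if (!list) return -1;
    for (size_t i = 0; i < n; i++) { list[2 * i] = 'x'; list[2 * i + 1] = '&'; }
    list[n ? 2 * n - 1 : 0] = '\0';
    struct dial_ctx **d = build_dials(list, &made, fail_at);
    long built = d ? (long)made : -1;
    free(list);
    free_dials(d, made);
    return built;
}
```

page_demo(200, (size_t)-1) builds a 200-entry group, more than the 128 from the report, and page_demo(200, 150) exercises the cleanup path after a failure partway through the list.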



