[asterisk-bugs] [Asterisk 0015765]: [patch] Incorrect parsing of day range in pbx.c

Asterisk Bug Tracker noreply at bugs.digium.com
Thu Oct 1 16:04:31 CDT 2009 

A NOTE has been added to this issue. 
====================================================================== 
https://issues.asterisk.org/view.php?id=15765 
====================================================================== 
Reported By:                hooi
Assigned To:                lmadsen
====================================================================== 
Project:                    Asterisk
Issue ID:                   15765
Category:                   Core/PBX
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     confirmed
Asterisk Version:           1.2.X 
JIRA:                        
Regression:                 No 
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!): 213789 
Request Review:              
====================================================================== 
Date Submitted:             2009-08-23 21:46 CDT
Last Modified:              2009-10-01 16:04 CDT
====================================================================== 
Summary:                    [patch] Incorrect parsing of day range in pbx.c
Description: 
The patch
http://downloads.digium.com/pub/security/AST-2009-005-1.2.diff.txt contains
incorrect sscanf format for parsing start of day and end of day in pbx.c
whereby it assumes "day" is single digit.  That is:
  sscanf(day, "%1d", &s) should be sscanf(day, "%2d", &s) [at line 4019]
and sscanf(day, "%1d", &e) should be sscanf(day, "%2d", &e) [at line
4029]

This impact on anything that uses ast_build_timing() such as GotoIfTime()
and ExecIfTime().
====================================================================== 

---------------------------------------------------------------------- 
 (0111752) nic_bellamy (reporter) - 2009-10-01 16:04
 https://issues.asterisk.org/view.php?id=15765#c111752 
---------------------------------------------------------------------- 
This is a pretty major regression, at least for me, who just this morning
found 39 systems in holiday mode due to GotoIfTime(*|*|26|oct?...) matching
the 2nd of October. :-)

Patch definitely fixes it, as it's binary-identical to the patch I whipped
up and tested independently this morning (before finding this ticket). 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2009-10-01 16:04 nic_bellamy    Note Added: 0111752                          
======================================================================

More information about the asterisk-bugs mailing list