[asterisk-bugs] [Asterisk 0019050]: [patch] Concatenates uninitialized buffer causes garbage data prior result also may cause crash

Asterisk Bug Tracker noreply at bugs.digium.com
Fri Apr 22 08:58:05 CDT 2011


A NOTE has been added to this issue. 
====================================================================== 
https://issues.asterisk.org/view.php?id=19050 
====================================================================== 
Reported By:                johnz
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   19050
Category:                   Functions/func_shell
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     ready for testing
Target Version:             1.4/1.6.2 Issues (Final Release)
Asterisk Version:           SVN 
JIRA:                       SWP-3298 
Regression:                 No 
Reviewboard Link:            
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 312069 
Request Review:              
====================================================================== 
Date Submitted:             2011-03-31 18:37 CDT
Last Modified:              2011-04-22 08:58 CDT
====================================================================== 
Summary:                    [patch] Concatenates uninitialized buffer causes garbage data prior result also may cause crash
Description: 
Noticed that the SHELL function returns garbage data ahead of the expected result.

To Reproduce:
1) Run a TCP dump tool on either the Asterisk server side or the FastAGI client
side (most TCP dump tools do not work well when the two peers are on the same
machine)

2) Write a simple FastAGI program that only issues:

GET VARIABLE SHELL("echo -n hello")

3) Modify the extensions.conf by adding an extension to point to the FastAGI client

4) Make a call to that extension, check the TCP dump result.

I noticed:

32 30 30 20 72 65 73 75 6C 74 3D 31 20 28 98 ED AD B6 B8 C8 19 68 65 6C 6C
6F 29 0A 
200 result=1 (?í­¶¸È.hello).

====================================================================== 

---------------------------------------------------------------------- 
 (0134046) svnbot (reporter) - 2011-04-22 08:58
 https://issues.asterisk.org/view.php?id=19050#c134046 
---------------------------------------------------------------------- 
Repository: asterisk
Revision: 314778

U   branches/1.6.2/res/res_agi.c

------------------------------------------------------------------------
r314778 | russell | 2011-04-22 08:58:04 -0500 (Fri, 22 Apr 2011) | 11 lines

Initialize buffers in getvar and getvarfull.

Initialize the buffers used to hold the result from GET VARIABLE or
GET VARIABLE FULL.  The bug report shows func_read returning garbage in
the result.  It assumed that the buffer passed in was initialized, like many
other functions do.  In the more common code path (through the dialplan), it
is initialized, so just initialize it here too.

(closes issue https://issues.asterisk.org/view.php?id=19050)
Reported by: johnz

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=314778 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2011-04-22 08:58 svnbot         Note Added: 0134046                          
======================================================================
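
Added example, not part of the original report and not Asterisk source code: a minimal C model of the bug class described above, where a read callback appends to whatever the caller's buffer already holds. All function names and the "#@!" stale bytes are hypothetical and constructed; the bounded terminator scan is extra hardening beyond the fix in the commit.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical read callback: appends its output to the existing contents
 * of buf, so it relies on the caller having initialized the buffer. */
static int append_result(char *buf, size_t len, const char *out)
{
    /* Bounded scan: a buffer with no terminator inside len is rejected
     * instead of being walked past its end (the possible crash). */
    const char *nul = memchr(buf, '\0', len);
    if (nul == NULL)
        return -1;
    size_t used = (size_t)(nul - buf);
    snprintf(buf + used, len - used, "%s", out);
    return 0;
}

/* Constructed stand-in for leftover stack contents. Real uninitialized
 * memory is unpredictable; fixed bytes keep the demo well defined.
 * Assumes len > 3. */
static void fill_stale(char *buf, size_t len)
{
    memset(buf, 0, len);
    memcpy(buf, "#@!", 3);
}

/* Caller that hands the buffer over untouched: stale bytes lead the result. */
static int caller_without_init(char *buf, size_t len)
{
    return append_result(buf, len, "hello");
}

/* Caller that starts from an empty string, as the fix does. */
static int caller_with_init(char *buf, size_t len)
{
    buf[0] = '\0';
    return append_result(buf, len, "hello");
}

int main(void)
{
    char buf[32];
    fill_stale(buf, sizeof(buf));
    caller_without_init(buf, sizeof(buf));
    printf("without init: (%s)\n", buf);
    fill_stale(buf, sizeof(buf));
    caller_with_init(buf, sizeof(buf));
    printf("with init:    (%s)\n", buf);
    return 0;
}
```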



