[asterisk-bugs] [Asterisk 0019050]: [patch] Concatenates uninitialized buffer causes garbage data prior result also may cause crash
Asterisk Bug Tracker
noreply at bugs.digium.com
Fri Apr 22 09:08:03 CDT 2011
A NOTE has been added to this issue.
======================================================================
https://issues.asterisk.org/view.php?id=19050
======================================================================
Reported By: johnz
Assigned To: russell
======================================================================
Project: Asterisk
Issue ID: 19050
Category: Functions/func_shell
Reproducibility: always
Severity: minor
Priority: normal
Status: closed
Target Version: 1.4/1.6.2 Issues (Final Release)
Asterisk Version: SVN
JIRA: SWP-3298
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): trunk
SVN Revision (number only!): 312069
Request Review:
Resolution: fixed
Fixed in Version:
======================================================================
Date Submitted: 2011-03-31 18:37 CDT
Last Modified: 2011-04-22 09:08 CDT
======================================================================
Summary: [patch] Concatenates uninitialized buffer causes
garbage data prior result also may cause crash
Description:
Noticed SHELL function returns garbage data ahead expected result.
To Reproduce:
1) Run a TCP dump tool on either Asterisk server side or FastAGI client
side
( Most TCP dump tool does not work well when two peers are on same machine
)
2) Write a simple FastAGI program, it only issues:
GET VARIABLE SHELL("echo -n hello")
3) Modify the extensions.conf by adding an extension to point to the
FastAGI client
4) Make a call to that extension, check the TCP dump result.
I noticed:
32 30 30 20 72 65 73 75 6C 74 3D 31 20 28 98 ED AD B6 B8 C8 19 68 65 6C 6C
6F 29 0A
200 result=1 (?í¶¸È.hello).
======================================================================
----------------------------------------------------------------------
(0134048) svnbot (reporter) - 2011-04-22 09:08
https://issues.asterisk.org/view.php?id=19050#c134048
----------------------------------------------------------------------
Repository: asterisk
Revision: 314781
_U trunk/
U trunk/res/res_agi.c
------------------------------------------------------------------------
r314781 | russell | 2011-04-22 09:08:03 -0500 (Fri, 22 Apr 2011) | 25
lines
Merged revisions 314780 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.8
................
r314780 | russell | 2011-04-22 09:02:23 -0500 (Fri, 22 Apr 2011) | 18
lines
Merged revisions 314778 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.6.2
........
r314778 | russell | 2011-04-22 08:58:03 -0500 (Fri, 22 Apr 2011) | 11
lines
Initialize buffers in getvar and getvarfull.
Initialize the buffers used to hold the result from GET VARIABLE or
GET VARIABLE FULL. The bug report shows func_read returning garbage
in
the result. It assumed that the buffer passed in was initialized,
like many
other functions do. In the more common code path (through the
dialplan), it
is initialized, so just initialize it here too.
(closes issue https://issues.asterisk.org/view.php?id=19050)
Reported by: johnz
........
................
------------------------------------------------------------------------
http://svn.digium.com/view/asterisk?view=rev&revision=314781
Issue History
Date Modified Username Field Change
======================================================================
2011-04-22 09:08 svnbot Checkin
2011-04-22 09:08 svnbot Note Added: 0134048
======================================================================
More information about the asterisk-bugs
mailing list