[asterisk-bugs] [Asterisk 0019050]: [patch] Concatenates uninitialized buffer causes garbage data prior result also may cause crash

Asterisk Bug Tracker noreply at bugs.digium.com
Fri Apr 22 09:08:03 CDT 2011


A NOTE has been added to this issue. 
====================================================================== 
https://issues.asterisk.org/view.php?id=19050 
====================================================================== 
Reported By:                johnz
Assigned To:                russell
====================================================================== 
Project:                    Asterisk
Issue ID:                   19050
Category:                   Functions/func_shell
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     closed
Target Version:             1.4/1.6.2 Issues (Final Release)
Asterisk Version:           SVN 
JIRA:                       SWP-3298 
Regression:                 No 
Reviewboard Link:            
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 312069 
Request Review:              
Resolution:                 fixed
Fixed in Version:           
====================================================================== 
Date Submitted:             2011-03-31 18:37 CDT
Last Modified:              2011-04-22 09:08 CDT
====================================================================== 
Summary:                    [patch] Concatenates uninitialized buffer causes garbage data prior result also may cause crash
Description: 
Noticed the SHELL function returns garbage data ahead of the expected result.

To Reproduce:
1) Run a TCP dump tool on either the Asterisk server side or the FastAGI
client side (most TCP dump tools do not work well when the two peers are on
the same machine)

2) Write a simple FastAGI program that only issues:

GET VARIABLE SHELL("echo -n hello")

3) Modify the extensions.conf by adding an extension to point to the FastAGI client

4) Make a call to that extension, check the TCP dump result.

I noticed:

32 30 30 20 72 65 73 75 6C 74 3D 31 20 28 98 ED AD B6 B8 C8 19 68 65 6C 6C
6F 29 0A 
200 result=1 (?í­¶¸È.hello).

====================================================================== 

---------------------------------------------------------------------- 
 (0134048) svnbot (reporter) - 2011-04-22 09:08
 https://issues.asterisk.org/view.php?id=19050#c134048 
---------------------------------------------------------------------- 
Repository: asterisk
Revision: 314781

_U  trunk/
U   trunk/res/res_agi.c

------------------------------------------------------------------------
r314781 | russell | 2011-04-22 09:08:03 -0500 (Fri, 22 Apr 2011) | 25 lines

Merged revisions 314780 via svnmerge from 
https://origsvn.digium.com/svn/asterisk/branches/1.8

................
  r314780 | russell | 2011-04-22 09:02:23 -0500 (Fri, 22 Apr 2011) | 18 lines
  
  Merged revisions 314778 via svnmerge from 
  https://origsvn.digium.com/svn/asterisk/branches/1.6.2
  
  ........
    r314778 | russell | 2011-04-22 08:58:03 -0500 (Fri, 22 Apr 2011) | 11 lines
    
    Initialize buffers in getvar and getvarfull.
    
    Initialize the buffers used to hold the result from GET VARIABLE or
    GET VARIABLE FULL.  The bug report shows func_read returning garbage in
    the result.  It assumed that the buffer passed in was initialized, like
    many other functions do.  In the more common code path (through the
    dialplan), it is initialized, so just initialize it here too.
    
    (closes issue https://issues.asterisk.org/view.php?id=19050)
    Reported by: johnz
  ........
................

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=314781 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2011-04-22 09:08 svnbot         Checkin                                      
2011-04-22 09:08 svnbot         Note Added: 0134048                          
======================================================================
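
Added example (not Asterisk code and not part of the original report or commit): a minimal C model of the failure the commit message describes, where a read callback appends to a buffer the caller never initialized, next to the same call with the buffer initialized. The names shell_read_sim, getvar_sim, STALE and dump are hypothetical; the stale bytes are the seven garbage bytes from the capture above, planted explicitly so the demonstration is deterministic.

```c
#include <stdio.h>
#include <string.h>

/* Bytes from the capture in the report, used here as a deterministic
 * stand-in for stale stack contents (really reading uninitialized memory
 * is undefined behaviour, so the demo plants them explicitly). */
static const char STALE[] = "\x98\xED\xAD\xB6\xB8\xC8\x19";

/* Hypothetical read callback: appends command output to buf, so it relies
 * on the caller passing a NUL-terminated (normally empty) string. */
static void shell_read_sim(const char *output, char *buf, size_t len)
{
    strncat(buf, output, len - strlen(buf) - 1);
}

/* Hypothetical GET VARIABLE handler. initialize=0 models the path before
 * the fix, initialize=1 the path after it. */
static void getvar_sim(const char *output, int initialize,
                       char *reply, size_t rlen)
{
    char tempstr[64];

    memcpy(tempstr, STALE, sizeof(STALE));  /* leftover data plus a NUL */
    if (initialize)
        tempstr[0] = '\0';                  /* the fix: start empty */
    shell_read_sim(output, tempstr, sizeof(tempstr));
    snprintf(reply, rlen, "200 result=1 (%s)\n", tempstr);
}

/* Print a reply as hex, the way it would look in a packet capture. */
static void dump(const char *label, const char *reply)
{
    printf("%-14s", label);
    for (const unsigned char *p = (const unsigned char *)reply; *p; p++)
        printf(" %02X", *p);
    putchar('\n');
}

int main(void)
{
    char reply[128];

    getvar_sim("hello", 0, reply, sizeof(reply));
    dump("uninitialized:", reply);
    getvar_sim("hello", 1, reply, sizeof(reply));
    dump("initialized:", reply);
    return 0;
}
```

In a real build the leftover bytes are whatever the stack last held, and if they contain no NUL within the buffer the strlen call itself reads past the end, which is the crash case named in the issue title.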



