[asterisk-bugs] [Asterisk 0018759]: [patch] Null values in format strings lead to segfault
Asterisk Bug Tracker
noreply at bugs.digium.com
Fri Mar 18 09:43:05 CDT 2011
A NOTE has been added to this issue.
======================================================================
https://issues.asterisk.org/view.php?id=18759
======================================================================
Reported By: bklang
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 18759
Category: Core/Portability
Reproducibility: always
Severity: minor
Priority: normal
Status: confirmed
Asterisk Version: SVN
JIRA: SWP-3039
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): 1.8
SVN Revision (number only!): 306529
Request Review:
======================================================================
Date Submitted: 2011-02-07 07:32 CST
Last Modified: 2011-03-18 09:43 CDT
======================================================================
Summary: [patch] Null values in format strings lead to
segfault
Description:
This is an issue I have reported in several other places and which have
been fixed. Instead of opening a single ticket for these three I am
putting them into a single ticket.
res/res_jabber.c:2493 found->description
channels/chan_sip.c:23429 authpeer->name
res/res_fax.c:1770
The first two I have patched trivially and attached it here. For
res_fax.c I'm not sure which variable was null and whether protection
should be applied to multiple variables so I do not have a patch for this.
======================================================================
----------------------------------------------------------------------
(0133007) jrose (manager) - 2011-03-18 09:43
https://issues.asterisk.org/view.php?id=18759#c133007
----------------------------------------------------------------------
@lathama: I don't really believe that has anything to dow ith this
particular bug. ast_strlen_zero shouldn't have any problems with null
pointers.
@bklang: I've made a patch to perform your changes as well as protect all
of the variables within messages printed in that function of res_fax.c I'd
like you to test it if you would, as I can't pinpoint any additional
specific changes that should be needed in that particular section of code
but at the same time I have no means of testing this module in Solaris.
According to my sources, these bugs are Solaris-specific. All this
protects is the chan->name across the various log statements in there
(which is the only value involved int he log) and I find it weird in the
first place that you'd be able to reach that function without a channel
that has a name in it. If the channel itself is what's null there, we
might need to probe this issue a little more deeply.
Issue History
Date Modified Username Field Change
======================================================================
2011-03-18 09:43 jrose Note Added: 0133007
======================================================================
More information about the asterisk-bugs
mailing list