[asterisk-bugs] [Asterisk 0019050]: Concatenates uninitialized buffer causes garbage data prior result also may cause crash

Asterisk Bug Tracker noreply at bugs.digium.com
Thu Mar 31 18:37:47 CDT 2011 

The following issue has been SUBMITTED. 
====================================================================== 
https://issues.asterisk.org/view.php?id=19050 
====================================================================== 
Reported By:                johnz
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   19050
Category:                   Functions/func_shell
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     new
Asterisk Version:           SVN 
JIRA:                        
Regression:                 No 
Reviewboard Link:            
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!): 312069 
Request Review:              
====================================================================== 
Date Submitted:             2011-03-31 18:37 CDT
Last Modified:              2011-03-31 18:37 CDT
====================================================================== 
Summary:                    Concatenates uninitialized buffer causes garbage
data prior result also may cause crash
Description: 
Noticed SHELL function returns garbage data ahead expected result.

To Reproduce:
1) Run a TCP dump tool on either Asterisk server side or FastAGI client
side 
( Most TCP dump tool does not work well when two peers are on same machine
)

2) Write a simple FastAGI program, it only issues:

GET VARIABLE SHELL("echo -n hello")

3) Modify the extensions.conf by adding an extension to point to the
FastAGI client

4) Make a call to that extension, check the TCP dump result.

I noticed:

32 30 30 20 72 65 73 75 6C 74 3D 31 20 28 98 ED AD B6 B8 C8 19 68 65 6C 6C
6F 29 0A 
200 result=1 (?í­¶¸È.hello).

====================================================================== 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2011-03-31 18:37 johnz          New Issue                                    
2011-03-31 18:37 johnz          Asterisk Version          => SVN             
2011-03-31 18:37 johnz          Regression                => No              
2011-03-31 18:37 johnz          SVN Branch (only for SVN checkouts, not tarball
releases) =>  trunk          
2011-03-31 18:37 johnz          SVN Revision (number only!) => 312069          
======================================================================

More information about the asterisk-bugs mailing list