[asterisk-bugs] [JIRA] (ASTERISK-23391) Audit dialplan function usage of channel variable
Corey Farrell (JIRA)
noreply at issues.asterisk.org
Fri Feb 28 10:38:04 CST 2014
[ https://issues.asterisk.org/jira/browse/ASTERISK-23391?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Corey Farrell updated ASTERISK-23391:
-------------------------------------
Attachment: functions-check-chan-12-trunk.patch
functions-check-chan-11.patch
functions-check-chan-1.8.patch
Attached are patches for each branch. I audited 1.8 using:
bq. grep -R * -e 'static struct ast_custom_function '
This gave me the a list of all custom functions. When merging to each new version I compared the list, and only checked new functions. This means if a function that existed in 1.8 or 11 started using chan in the variable declaration area of 12, I might not have noticed. For trunk I did not do an audit, I copied my changes from 12 and compiled.
I do not understand func_groupcount.c and can't tell if chan==NULL is safe. Also I don't have deps for apps/app_jack.c, so I could not compile it. I visually inspected the result on each version of asterisk and it looks good. All other files that I changed were successfully compiled in all versions of asterisk. No runtime testing has been done.
> Audit dialplan function usage of channel variable
> -------------------------------------------------
>
> Key: ASTERISK-23391
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-23391
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Functions/General
> Affects Versions: SVN, 1.8.25.0, 11.7.0, 12.0.0
> Reporter: Corey Farrell
> Assignee: Corey Farrell
> Attachments: functions-check-chan-11.patch, functions-check-chan-12-trunk.patch, functions-check-chan-1.8.patch
>
>
> Dialplan functions can be called from AMI without a channel. This allows some functions to be executed in the global context. Some functions do not check for NULL channels and can crash when executed as a global function.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the asterisk-bugs
mailing list