[asterisk-bugs] [JIRA] (ASTERISK-23391) Audit dialplan function usage of channel variable

Corey Farrell (JIRA) noreply at issues.asterisk.org
Fri Feb 28 10:40:03 CST 2014 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-23391?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=215765#comment-215765 ] 

Corey Farrell edited comment on ASTERISK-23391 at 2/28/14 10:40 AM:
--------------------------------------------------------------------

Attached are patches for each branch.  I audited 1.8 using:
bq. grep -R * -e 'static struct ast_custom_function '
This gave me the a list of all custom functions.  When merging to each new version I compared the list, and only checked new functions.  This means if a function that existed in 1.8 or 11 started using chan in the variable declaration area of 12, I might not have noticed.  For trunk I did not do an audit, I copied my changes from 12 and compiled.

I do not understand func_groupcount.c and can't tell if chan==NULL is safe.  Also I don't have deps for apps/app_jack.c, so I could not compile it.  I visually inspected the result on each version of asterisk and it looks good.  All other files that I changed were successfully compiled in all versions of asterisk.  No runtime testing has been done.

These patches have been provided separate for each version as I had many merge issues.  In one file the change was applied to the wrong function.  I'm less concerned with the changes I've made, more concerned with verifying they were applied correctly to higher versions.
                
      was (Author: coreyfarrell):
    Attached are patches for each branch.  I audited 1.8 using:
bq. grep -R * -e 'static struct ast_custom_function '
This gave me the a list of all custom functions.  When merging to each new version I compared the list, and only checked new functions.  This means if a function that existed in 1.8 or 11 started using chan in the variable declaration area of 12, I might not have noticed.  For trunk I did not do an audit, I copied my changes from 12 and compiled.

I do not understand func_groupcount.c and can't tell if chan==NULL is safe.  Also I don't have deps for apps/app_jack.c, so I could not compile it.  I visually inspected the result on each version of asterisk and it looks good.  All other files that I changed were successfully compiled in all versions of asterisk.  No runtime testing has been done.
                  
> Audit dialplan function usage of channel variable
> -------------------------------------------------
>
>                 Key: ASTERISK-23391
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-23391
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Functions/General
>    Affects Versions: SVN, 1.8.25.0, 11.7.0, 12.0.0
>            Reporter: Corey Farrell
>            Assignee: Corey Farrell
>         Attachments: functions-check-chan-11.patch, functions-check-chan-12-trunk.patch, functions-check-chan-1.8.patch
>
>
> Dialplan functions can be called from AMI without a channel.  This allows some functions to be executed in the global context.  Some functions do not check for NULL channels and can crash when executed as a global function.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the asterisk-bugs mailing list