[asterisk-bugs] [JIRA] (ASTERISK-28570) Potential infinite loop in function find_matching_priority
Benjamin Keith Ford (JIRA)
noreply at issues.asterisk.org
Mon Oct 7 09:24:47 CDT 2019
[ https://issues.asterisk.org/jira/browse/ASTERISK-28570?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Benjamin Keith Ford updated ASTERISK-28570:
-------------------------------------------
Assignee: Yoooooo Ha
Status: Waiting for Feedback (was: Triage)
Have you seen an infinite loop as a result of this code? If so, what are your steps for reproducing it? It looks like the code will finish execution after going through all includes.
> Potential infinite loop in function find_matching_priority
> ----------------------------------------------------------
>
> Key: ASTERISK-28570
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-28570
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Applications/app_while
> Affects Versions: 16.6.0
> Environment: No
> Reporter: Yoooooo Ha
> Assignee: Yoooooo Ha
>
> Summary: Potential infinite loop in function find_matching_priority.
> ####################################
> static struct ast_exten *find_matching_priority(struct ast_context *c,
> const char *exten, int priority, const char *callerid)
> {
> struct ast_exten *e;
> struct ast_context *c2;
> int idx;
> for (e=ast_walk_context_extensions(c, NULL); e;
> e=ast_walk_context_extensions(c, e)) {
> if (ast_extension_match(ast_get_extension_name(e),
> exten)) {
> int needmatch = ast_get_extension_matchcid(e);
> if ((needmatch &&
> ast_extension_match(ast_get_extension_cidmatch(e), callerid)) ||
> (!needmatch)) {
> /* This is the matching extension we
> want */
> struct ast_exten *p;
> for (p=ast_walk_extension_priorities(e,
> NULL); p; p=ast_walk_extension_priorities(e, p)) {
> if (priority !=
> ast_get_extension_priority(p))
> continue;
> return p;
> }
> }
> }
> }
> /* No match; run through includes */
> for (idx = 0; idx < ast_context_includes_count(c); idx++) {
> const struct ast_include *i =
> ast_context_includes_get(c, idx);
> for (c2=ast_walk_contexts(NULL); c2;
> c2=ast_walk_contexts(c2)) {
> if (!strcmp(ast_get_context_name(c2),
> ast_get_include_name(i))) {
> e = find_matching_priority(c2, exten,
> priority, callerid);
> if (e)
> return e;
> }
> }
> }
> return NULL;
> }
> ####################################
> Function find_matching_priority is a recursive function, and it is
> called by function find_matching_endwhile.
> There is possibility that an infinite loop occurs.
> The vulnerability is same as the one fixed in
> https://gerrit.asterisk.org/c/asterisk/+/8931
> (https://issues.asterisk.org/jira/browse/ASTERISK-26570)
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list