[asterisk-bugs] [JIRA] (ASTERISK-28570) Potential infinite loop in function find_matching_priority
Yoooooo Ha (JIRA)
noreply at issues.asterisk.org
Mon Oct 7 09:28:47 CDT 2019
[ https://issues.asterisk.org/jira/browse/ASTERISK-28570?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Yoooooo Ha updated ASTERISK-28570:
----------------------------------
Description:
Summary: Potential infinite loop in function find_matching_priority.
####################################
static struct ast_exten *find_matching_priority(struct ast_context *c,
const char *exten, int priority, const char *callerid)
{
struct ast_exten *e;
struct ast_context *c2;
int idx;
for (e=ast_walk_context_extensions(c, NULL); e; e=ast_walk_context_extensions(c, e)) {
if (ast_extension_match(ast_get_extension_name(e), exten)) {
int needmatch = ast_get_extension_matchcid(e);
if ((needmatch && ast_extension_match(ast_get_extension_cidmatch(e), callerid)) ||
(!needmatch)) {
/* This is the matching extension we want */
struct ast_exten *p;
for (p=ast_walk_extension_priorities(e, NULL); p; p=ast_walk_extension_priorities(e, p)) {
if (priority != ast_get_extension_priority(p))
continue;
return p;
}
}
}
}
/* No match; run through includes */
for (idx = 0; idx < ast_context_includes_count(c); idx++) {
const struct ast_include *i = ast_context_includes_get(c, idx);
for (c2=ast_walk_contexts(NULL); c2; c2=ast_walk_contexts(c2)) {
if (!strcmp(ast_get_context_name(c2), ast_get_include_name(i))) {
e = find_matching_priority(c2, exten, priority, callerid);
if (e)
return e;
}
}
}
return NULL;
}
####################################
Function find_matching_priority is a recursive function, and it is
called by function find_matching_endwhile.
There is possibility that an infinite loop occurs.
The vulnerability is same as the one fixed in
https://gerrit.asterisk.org/c/asterisk/+/8931
(https://issues.asterisk.org/jira/browse/ASTERISK-26570)
was:
Summary: Potential infinite loop in function find_matching_priority.
####################################
static struct ast_exten *find_matching_priority(struct ast_context *c,
const char *exten, int priority, const char *callerid)
{
struct ast_exten *e;
struct ast_context *c2;
int idx;
for (e=ast_walk_context_extensions(c, NULL); e;
e=ast_walk_context_extensions(c, e)) {
if (ast_extension_match(ast_get_extension_name(e),
exten)) {
int needmatch = ast_get_extension_matchcid(e);
if ((needmatch &&
ast_extension_match(ast_get_extension_cidmatch(e), callerid)) ||
(!needmatch)) {
/* This is the matching extension we
want */
struct ast_exten *p;
for (p=ast_walk_extension_priorities(e,
NULL); p; p=ast_walk_extension_priorities(e, p)) {
if (priority !=
ast_get_extension_priority(p))
continue;
return p;
}
}
}
}
/* No match; run through includes */
for (idx = 0; idx < ast_context_includes_count(c); idx++) {
const struct ast_include *i =
ast_context_includes_get(c, idx);
for (c2=ast_walk_contexts(NULL); c2;
c2=ast_walk_contexts(c2)) {
if (!strcmp(ast_get_context_name(c2),
ast_get_include_name(i))) {
e = find_matching_priority(c2, exten,
priority, callerid);
if (e)
return e;
}
}
}
return NULL;
}
####################################
Function find_matching_priority is a recursive function, and it is
called by function find_matching_endwhile.
There is possibility that an infinite loop occurs.
The vulnerability is same as the one fixed in
https://gerrit.asterisk.org/c/asterisk/+/8931
(https://issues.asterisk.org/jira/browse/ASTERISK-26570)
> Potential infinite loop in function find_matching_priority
> ----------------------------------------------------------
>
> Key: ASTERISK-28570
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-28570
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Applications/app_while
> Affects Versions: 16.6.0
> Environment: No
> Reporter: Yoooooo Ha
> Assignee: Yoooooo Ha
>
> Summary: Potential infinite loop in function find_matching_priority.
> ####################################
> static struct ast_exten *find_matching_priority(struct ast_context *c,
> const char *exten, int priority, const char *callerid)
> {
> struct ast_exten *e;
> struct ast_context *c2;
> int idx;
> for (e=ast_walk_context_extensions(c, NULL); e; e=ast_walk_context_extensions(c, e)) {
> if (ast_extension_match(ast_get_extension_name(e), exten)) {
> int needmatch = ast_get_extension_matchcid(e);
> if ((needmatch && ast_extension_match(ast_get_extension_cidmatch(e), callerid)) ||
> (!needmatch)) {
> /* This is the matching extension we want */
> struct ast_exten *p;
> for (p=ast_walk_extension_priorities(e, NULL); p; p=ast_walk_extension_priorities(e, p)) {
> if (priority != ast_get_extension_priority(p))
> continue;
> return p;
> }
> }
> }
> }
> /* No match; run through includes */
> for (idx = 0; idx < ast_context_includes_count(c); idx++) {
> const struct ast_include *i = ast_context_includes_get(c, idx);
> for (c2=ast_walk_contexts(NULL); c2; c2=ast_walk_contexts(c2)) {
> if (!strcmp(ast_get_context_name(c2), ast_get_include_name(i))) {
> e = find_matching_priority(c2, exten, priority, callerid);
> if (e)
> return e;
> }
> }
> }
> return NULL;
> }
> ####################################
> Function find_matching_priority is a recursive function, and it is
> called by function find_matching_endwhile.
> There is possibility that an infinite loop occurs.
> The vulnerability is same as the one fixed in
> https://gerrit.asterisk.org/c/asterisk/+/8931
> (https://issues.asterisk.org/jira/browse/ASTERISK-26570)
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list