[asterisk-bugs] [JIRA] (ASTERISK-29614) app_agent_pool: XML Doc: unterminated entity reference

Alexander Traud (JIRA) noreply at issues.asterisk.org
Thu Aug 26 03:10:33 CDT 2021


    [ https://issues.asterisk.org/jira/browse/ASTERISK-29614?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=256078#comment-256078 ] 

Alexander Traud commented on ASTERISK-29614:
--------------------------------------------

Thanks. Just to double-check whether I got [it|https://gerrit.asterisk.org/7564]:
The current code tries to ignore a section ‘general’ as agent ID. Although it could be possible that I named my agent ‘general’, this is not allowed because it is the global/generic section. In other words, such a blacklist contains all static/well-known sections, so as not to parse/confuse them with a name for a section which could have any name. Right? OK. If app_agent_pool has just one item in the blacklist, we do not need an array and can go for ACO_BLACKLIST_EXACT. Question (1): Can’t we? If not, I still have not understood the concept.

That would leave the module {{app_skel}}, which is not enabled by default. That brings me to the next question (2): What is this XML API call, what does it try to do exactly?

And that would leave the module {{test_config}}, which is part of the test framework. That is still using RegEx for {{global}}. Question (3): Was that a glitch in the [originating change|https://gerrit.asterisk.org/7530], and does {{test_config}} not need RegEx at all?

That brings me to another question (4) which I think I have an answer for already: If only two modules remain to use ACO_BLACKLIST_ARRAY, why not change those to RegEx again and kill ACO_BLACKLIST_ARRAY? If I understand your patch correctly, you are doing RegEx again but keep the public symbol ACO_BLACKLIST_ARRAY, for those third-party modules outside of the Asterisk source tree. Right?

That brings me to my last question (5): Why is just the blacklist affected by this, but not the whitelist, which is used by {{cel/cel.c}} and {{cdr/cdr.c}}? Looking at your patch, you fixed that as well. I wonder why modules based on that did not trigger an issue with {{xmldoc dump}} here.

That brings me to my very last question (6): Why does {{xmlNodeSetContent(.)}} not always detect that issue? Obviously, nobody ever reported it in 3½ years. Is there any way to enable stricter parsing and error checking?

> app_agent_pool: XML Doc: unterminated entity reference
> ------------------------------------------------------
>
>                 Key: ASTERISK-29614
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-29614
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Applications/app_agent_pool, Applications/app_skel, Documentation
>    Affects Versions: 13.38.3, 16.20.0, 18.6.0, 19.0.0
>         Environment: Ubuntu 18.04 LTS
> ./configure --enable-xmldoc, which is the default
> make all or make full, does not matter
>            Reporter: Alexander Traud
>            Assignee: Unassigned
>            Severity: Major
>              Labels: patch
>         Attachments: 0001-config_options-Avoid-memory-corruption.patch
>
>
> This issue does not seem to occur constantly. Furthermore, I was not able to find any reports about this except several failed builds in Gerrit. Perhaps those are related but I did not investigate those further yet.
> Currently, I am able to replicate it quite consistently and was able to investigate a bit with GDB. However, I am reporting early in my analysis, perhaps somebody sees the culprit faster.
> *My symptom*:
> {code}
> Loading app_agent_pool.so.
>   == Manager registered action Agents
>   == Manager registered action AgentLogoff
>   == Registered custom function 'AGENT'
>   == Registered application 'AgentLogin'
>   == Registered application 'AgentRequest'
> error : unterminated entity reference            ���
>   == app_agent_pool.so => (Call center agent pool applications)
> {code}
> *My call stack*:
> apps/app_agent_pool.c
> ⤷ load_module
>    ⤷ load_config
>       ⤷ aco_info_init
>          ⤷ type = agent_type (the second type from {{app_agent_pool}}, the one after the {{general_type}})
>             ⤷ xmldoc_update_config_type in file main/xml.c
>                ⤷ ast_xml_set_text
>                   ⤷ xmlNodeSetContent
> That error is not printed when I remove _all_ categories except the terminating NULL in the file {{apps/app_agent_pool.c}}, in the string array {{agent_type_blacklist}}. That error is not printed when I comment/disable at least four of the eight {{aco_option_register}} in {{load_config}}.
> This looks like a memory corruption, because even when that error is not printed, on the command-line interface (CLI), I am not able to issue {{xmldoc dump <file>}} when the module {{app_agent_pool}} is loaded. I get errors like {{output error : string is not in UTF-8}} or {{xmlEscapeEntities : char out of range}}.
> *Workarounds*:
> a) {{./configure --disable-xmldoc}} or
> b) disable the module {{app_agent_pool}} via {{make menuselect}} or
> c) noload the module {{app_agent_pool}} via the configuration file {{modules.conf}} or
> d) change the string array {{agent_type_blacklist}} to contain just the terminating {{NULL}} value



--
This message was sent by Atlassian JIRA
(v6.2#6252)
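
An added example, not part of the original message and not Asterisk's code: a consumer that builds XML documentation text from a category field which holds either one string or, cast to the same pointer type, a NULL-terminated string array, and which therefore has to dispatch on the match kind and escape `&` before the text reaches an XML content setter. The struct, enum and function names are hypothetical, and the dual use of the field is an assumption drawn from the ACO_BLACKLIST_EXACT / ACO_BLACKLIST_ARRAY distinction discussed in the thread.

```c
#include <string.h>

/* Hypothetical stand-ins for the match kinds named in the thread. */
enum match_kind { MATCH_REGEX, MATCH_EXACT, MATCH_ARRAY };

struct cfg_type {
    enum match_kind kind;
    const char *category; /* one string, or (cast) a NULL-terminated array */
};

/* Append src to dst, escaping XML metacharacters; -1 if dst is too small. */
static int append_escaped(char *dst, size_t cap, const char *src)
{
    size_t used = strlen(dst);
    for (; *src; src++) {
        char one[2] = { *src, '\0' };
        const char *rep = one;
        if (*src == '&') rep = "&amp;";
        else if (*src == '<') rep = "&lt;";
        else if (*src == '>') rep = "&gt;";
        size_t n = strlen(rep);
        if (used + n + 1 > cap)
            return -1;
        memcpy(dst + used, rep, n + 1);
        used += n;
    }
    return 0;
}

/* Build the documentation text for a type, dispatching on the match kind. */
int category_doc_text(const struct cfg_type *t, char *out, size_t cap)
{
    if (cap == 0)
        return -1;
    out[0] = '\0';
    if (t->kind != MATCH_ARRAY) /* field is a plain C string */
        return append_escaped(out, cap, t->category);
    /* Array kind: the field holds a list, so never read it as text. */
    const char *const *items = (const char *const *)t->category;
    for (size_t i = 0; items[i]; i++) {
        if (i && append_escaped(out, cap, ","))
            return -1;
        if (append_escaped(out, cap, items[i]))
            return -1;
    }
    return 0;
}

/* Constructed sample data, not taken from the Asterisk source tree. */
static const char *const sample_blacklist[] = { "general", "a&b", NULL };
```

Reading the array-kind field as text instead would hand pointer bytes to the XML layer, which matches the kind of garbage and entity errors quoted in the report.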


