[Asterisk-code-review] chan iax2: Fix use of uninited memory in try transfer. (asterisk[11])

Walter Doekes asteriskteam at digium.com
Tue Oct 25 04:13:53 CDT 2016 

Walter Doekes has uploaded a new change for review. ( https://gerrit.asterisk.org/4171 )

Change subject: chan_iax2: Fix use of uninited memory in try_transfer.
......................................................................

chan_iax2: Fix use of uninited memory in try_transfer.

- if newip contained the right stack garbage, it would overwrite the
  correct IP
- memmove was unnecessary
- ied was uninitialized

All except the last have been fixed in 13+ already.

Reported by: saltsa (on IRC)

Change-Id: I9375589f832b08cdff5b05ba975f3c62eef80619
---
M channels/chan_iax2.c
1 file changed, 6 insertions(+), 13 deletions(-)


  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/71/4171/1

diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c
index ac6eb03..43d4a29 100644
--- a/channels/chan_iax2.c
+++ b/channels/chan_iax2.c
@@ -8505,24 +8505,17 @@
 
 static int try_transfer(struct chan_iax2_pvt *pvt, struct iax_ies *ies)
 {
-	int newcall = 0;
-	char newip[256];
-	struct iax_ie_data ied;
-	struct sockaddr_in new = { 0, };
+	struct iax_ie_data ied = { 0, };
 
 	memset(&ied, 0, sizeof(ied));
-	if (ies->apparent_addr)
-		memmove(&new, ies->apparent_addr, sizeof(new));
-	if (ies->callno)
-		newcall = ies->callno;
-	if (!newcall || !new.sin_addr.s_addr || !new.sin_port) {
+	if (!ies->callno || !ies->apparent_addr ||
+			!ies->apparent_addr->sin_addr.s_addr ||
+			!ies->apparent_addr->sin_port) {
 		ast_log(LOG_WARNING, "Invalid transfer request\n");
 		return -1;
 	}
-	pvt->transfercallno = newcall;
-	memcpy(&pvt->transfer, &new, sizeof(pvt->transfer));
-	inet_aton(newip, &pvt->transfer.sin_addr);
-	pvt->transfer.sin_family = AF_INET;
+	pvt->transfercallno = ies->callno;
+	memcpy(&pvt->transfer, ies->apparent_addr, sizeof(pvt->transfer));
 	pvt->transferid = ies->transferid;
 	/* only store by transfercallno if this is a new transfer,
 	 * just in case we get a duplicate TXREQ */

-- 
To view, visit https://gerrit.asterisk.org/4171
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I9375589f832b08cdff5b05ba975f3c62eef80619
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: 11
Gerrit-Owner: Walter Doekes <walter+asterisk at wjd.nu>

More information about the asterisk-code-review mailing list