[Asterisk-code-review] chan iax2: Fix use of uninited memory in try transfer. (asterisk[11])

Anonymous Coward asteriskteam at digium.com
Thu Oct 27 22:23:03 CDT 2016 

Anonymous Coward #1000019 has submitted this change and it was merged. ( https://gerrit.asterisk.org/4171 )

Change subject: chan_iax2: Fix use of uninited memory in try_transfer.
......................................................................


chan_iax2: Fix use of uninited memory in try_transfer.

- if newip contained the right stack garbage, it would overwrite the
  correct IP
- memmove was unnecessary

Reported by: saltsa (on IRC)

Change-Id: I9375589f832b08cdff5b05ba975f3c62eef80619
---
M channels/chan_iax2.c
1 file changed, 5 insertions(+), 12 deletions(-)

Approvals:
  Anonymous Coward #1000019: Verified
  Matt Jordan: Looks good to me, but someone else must approve
  Joshua Colp: Looks good to me, approved



diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c
index ac6eb03..4865742 100644
--- a/channels/chan_iax2.c
+++ b/channels/chan_iax2.c
@@ -8505,24 +8505,17 @@
 
 static int try_transfer(struct chan_iax2_pvt *pvt, struct iax_ies *ies)
 {
-	int newcall = 0;
-	char newip[256];
 	struct iax_ie_data ied;
-	struct sockaddr_in new = { 0, };
 
 	memset(&ied, 0, sizeof(ied));
-	if (ies->apparent_addr)
-		memmove(&new, ies->apparent_addr, sizeof(new));
-	if (ies->callno)
-		newcall = ies->callno;
-	if (!newcall || !new.sin_addr.s_addr || !new.sin_port) {
+	if (!ies->callno || !ies->apparent_addr ||
+			!ies->apparent_addr->sin_addr.s_addr ||
+			!ies->apparent_addr->sin_port) {
 		ast_log(LOG_WARNING, "Invalid transfer request\n");
 		return -1;
 	}
-	pvt->transfercallno = newcall;
-	memcpy(&pvt->transfer, &new, sizeof(pvt->transfer));
-	inet_aton(newip, &pvt->transfer.sin_addr);
-	pvt->transfer.sin_family = AF_INET;
+	pvt->transfercallno = ies->callno;
+	memcpy(&pvt->transfer, ies->apparent_addr, sizeof(pvt->transfer));
 	pvt->transferid = ies->transferid;
 	/* only store by transfercallno if this is a new transfer,
 	 * just in case we get a duplicate TXREQ */

-- 
To view, visit https://gerrit.asterisk.org/4171
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I9375589f832b08cdff5b05ba975f3c62eef80619
Gerrit-PatchSet: 2
Gerrit-Project: asterisk
Gerrit-Branch: 11
Gerrit-Owner: Walter Doekes <walter+asterisk at wjd.nu>
Gerrit-Reviewer: Anonymous Coward #1000019
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Matt Jordan <mjordan at digium.com>

More information about the asterisk-code-review mailing list