[Asterisk-code-review] CLI: Address multiple issues. (asterisk[13])

Corey Farrell asteriskteam at digium.com
Tue Dec 19 10:17:54 CST 2017 

Corey Farrell has uploaded this change for review. ( https://gerrit.asterisk.org/7663


Change subject: CLI: Address multiple issues.
......................................................................

CLI: Address multiple issues.

* listen uses the variable `s` for the result from ast_poll() then
  overwrites it with the result of accept().  Create a separate variable
  poll_result to avoid confusion since ast_poll does not return a file
  descriptor.
* Reserve an extra byte while processing completion results from remote
  daemon.  This fixes a bug where completion processing used strstr() on
  a string that was not '\0' terminated.  This was no risk to the Asterisk
  daemon, the bug was only reachable the remote console process.
* Resolve leak in handle_showchan when the channel is not found.
* Multiple leaks in pbx_config CLI completion.
* Fix leaks in "manager show command".

Change-Id: I8f633ceb1714867ae30ef4e421858f77c14485a9
---
M main/asterisk.c
M main/cli.c
M main/manager.c
M pbx/pbx_config.c
4 files changed, 33 insertions(+), 11 deletions(-)



  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/63/7663/1

diff --git a/main/asterisk.c b/main/asterisk.c
index 015c9f3..06141b4 100644
--- a/main/asterisk.c
+++ b/main/asterisk.c
@@ -1695,17 +1695,21 @@
 	int s;
 	socklen_t len;
 	int x;
+	int poll_result;
 	struct pollfd fds[1];
+
 	for (;;) {
-		if (ast_socket < 0)
+		if (ast_socket < 0) {
 			return NULL;
+		}
 		fds[0].fd = ast_socket;
 		fds[0].events = POLLIN;
-		s = ast_poll(fds, 1, -1);
+		poll_result = ast_poll(fds, 1, -1);
 		pthread_testcancel();
-		if (s < 0) {
-			if (errno != EINTR)
+		if (poll_result < 0) {
+			if (errno != EINTR) {
 				ast_log(LOG_WARNING, "poll returned error: %s\n", strerror(errno));
+			}
 			continue;
 		}
 		len = sizeof(sunaddr);
@@ -3195,9 +3199,10 @@
 #define CMD_MATCHESARRAY "_COMMAND MATCHESARRAY \"%s\" \"%s\""
 		char *mbuf;
 		char *new_mbuf;
-		int mlen = 0, maxmbuf = 2048;
+		int mlen = 0;
+		int maxmbuf = 2049;
 
-		/* Start with a 2048 byte buffer */
+		/* Start with a 2049 byte buffer */
 		mbuf = ast_malloc(maxmbuf);
 
 		/* This will run snprintf twice at most. */
@@ -3218,12 +3223,14 @@
 		res = 0;
 		mlen = 0;
 		mbuf[0] = '\0';
+		/* Reserve space for '\0' */
+		maxmbuf--;
 
 		while (!strstr(mbuf, AST_CLI_COMPLETE_EOF) && res != -1) {
 			if (mlen + 1024 > maxmbuf) {
-				/* Expand buffer to the next 1024 byte increment. */
+				/* Expand buffer to the next 1024 byte increment plus a NULL terminator. */
 				maxmbuf = mlen + 1024;
-				new_mbuf = ast_realloc(mbuf, maxmbuf);
+				new_mbuf = ast_realloc(mbuf, maxmbuf + 1);
 				if (!new_mbuf) {
 					ast_free(mbuf);
 					*((char *) lf->cursor) = savechr;
@@ -3236,6 +3243,7 @@
 			res = read(ast_consock, mbuf + mlen, 1024);
 			if (res > 0) {
 				mlen += res;
+				mbuf[mlen] = '\0';
 			}
 		}
 		mbuf[mlen] = '\0';
diff --git a/main/cli.c b/main/cli.c
index 7039b72..8953d26 100644
--- a/main/cli.c
+++ b/main/cli.c
@@ -1530,6 +1530,8 @@
 	chan = ast_channel_get_by_name(a->argv[3]);
 	if (!chan) {
 		ast_cli(a->fd, "%s is not a known channel\n", a->argv[3]);
+		ast_free(output);
+
 		return CLI_SUCCESS;
 	}
 
diff --git a/main/manager.c b/main/manager.c
index 8105265..f08a932 100644
--- a/main/manager.c
+++ b/main/manager.c
@@ -2344,10 +2344,11 @@
 		AST_RWLIST_UNLOCK(&actions);
 		return ret;
 	}
-	authority = ast_str_alloca(MAX_AUTH_PERM_STRING);
 	if (a->argc < 4) {
 		return CLI_SHOWUSAGE;
 	}
+
+	authority = ast_str_alloca(MAX_AUTH_PERM_STRING);
 
 #ifdef AST_XML_DOCS
 	/* setup the titles */
@@ -2376,6 +2377,7 @@
 					char *seealso = ast_xmldoc_printable(S_OR(cur->seealso, "Not available"), 1);
 					char *privilege = ast_xmldoc_printable(S_OR(auth_str, "Not available"), 1);
 					char *responses = ast_xmldoc_printable("None", 1);
+
 					ast_cli(a->fd, "%s%s\n\n%s%s\n\n%s%s\n\n%s%s\n\n%s%s\n\n%s%s\n\n%s",
 						syntax_title, syntax,
 						synopsis_title, synopsis,
@@ -2403,6 +2405,14 @@
 						ast_cli(a->fd, "Event: %s\n", cur->final_response->name);
 						print_event_instance(a, cur->final_response);
 					}
+
+					ast_free(syntax);
+					ast_free(synopsis);
+					ast_free(description);
+					ast_free(arguments);
+					ast_free(seealso);
+					ast_free(privilege);
+					ast_free(responses);
 				} else
 #endif
 				{
diff --git a/pbx/pbx_config.c b/pbx/pbx_config.c
index c4a0e6c..71f71ab 100644
--- a/pbx/pbx_config.c
+++ b/pbx/pbx_config.c
@@ -303,8 +303,10 @@
 				while ( (nc = ast_walk_contexts(nc)) && nc != c && !already_served)
 					already_served = lookup_ci(nc, i_name);
 
-				if (!already_served && ++which > a->n)
+				if (!already_served && ++which > a->n) {
 					res = strdup(i_name);
+					break;
+				}
 			}
 			ast_unlock_context(c);
 		}
@@ -1533,7 +1535,7 @@
 		}
 		ast_unlock_contexts();
 		free(dupline);
-		return NULL;
+		return ret;
 	}
 
 	return NULL;

-- 
To view, visit https://gerrit.asterisk.org/7663
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-MessageType: newchange
Gerrit-Change-Id: I8f633ceb1714867ae30ef4e421858f77c14485a9
Gerrit-Change-Number: 7663
Gerrit-PatchSet: 1
Gerrit-Owner: Corey Farrell <git at cfware.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20171219/bb8acbce/attachment-0001.html>

More information about the asterisk-code-review mailing list