[Asterisk-code-review] res/res ari: Fix null endpoint handle (asterisk[master])

Joshua Colp asteriskteam at digium.com
Mon Nov 19 09:37:23 CST 2018 

Joshua Colp has submitted this change and it was merged. ( https://gerrit.asterisk.org/10667 )

Change subject: res/res_ari: Fix null endpoint handle
......................................................................

res/res_ari: Fix null endpoint handle

The res_ari(POST /channels/create handler) deos not check the endpoint
parameter length. And it causes core
dump.
Fixed it to check the parameter length. Also fixed memory leak.

ASTERISK-28169

Change-Id: Ibf10a9eb8a2e3a9ee1e13fbe748b2ecf955c3993
---
M res/ari/resource_channels.c
1 file changed, 12 insertions(+), 6 deletions(-)

Approvals:
  Joshua Colp: Looks good to me, but someone else must approve; Approved for Submit
  George Joseph: Looks good to me, approved



diff --git a/res/ari/resource_channels.c b/res/ari/resource_channels.c
index cdf0f88..bca32f1 100644
--- a/res/ari/resource_channels.c
+++ b/res/ari/resource_channels.c
@@ -1748,18 +1748,24 @@
 	struct ast_format_cap *request_cap;
 	struct ast_channel *originator;
 
-	chan_data = ast_calloc(1, sizeof(*chan_data));
-	if (!chan_data) {
-		ast_ari_response_alloc_failed(response);
-		return;
-	}
-
 	if (!ast_strlen_zero(args->originator) && !ast_strlen_zero(args->formats)) {
 		ast_ari_response_error(response, 400, "Bad Request",
 			"Originator and formats can't both be specified");
 		return;
 	}
 
+	if (ast_strlen_zero(args->endpoint)) {
+		ast_ari_response_error(response, 400, "Bad Request",
+			"Endpoint must be specified");
+		return;
+	}
+
+	chan_data = ast_calloc(1, sizeof(*chan_data));
+	if (!chan_data) {
+		ast_ari_response_alloc_failed(response);
+		return;
+	}
+
 	chan_data->stasis_stuff = ast_str_create(32);
 	if (!chan_data->stasis_stuff) {
 		ast_ari_response_alloc_failed(response);

-- 
To view, visit https://gerrit.asterisk.org/10667
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: Ibf10a9eb8a2e3a9ee1e13fbe748b2ecf955c3993
Gerrit-Change-Number: 10667
Gerrit-PatchSet: 3
Gerrit-Owner: sungtae kim <pchero21 at gmail.com>
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>
Gerrit-Reviewer: Jenkins2 (1000185)
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: sungtae kim <pchero21 at gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20181119/8b24d7f1/attachment-0001.html>

More information about the asterisk-code-review mailing list