[Asterisk-code-review] config.c: Prevent UB in ast_realtime_require_field (asterisk[19])

[Sean Bright]

Sean Bright has uploaded this change for review. ( https://gerrit.asterisk.org/c/asterisk/+/17605 )


Change subject: config.c: Prevent UB in ast_realtime_require_field
......................................................................

config.c: Prevent UB in ast_realtime_require_field

A backend's implementation of the realtime 'require' function may call
va_arg() and then fail, leaving the va_list in an undefined
state. Pass a copy of the va_list instead.

ASTERISK-29771 #close

Change-Id: I555565a72af84e96d49f62fe8cb66ba5a78461f4
---
M main/config.c
1 file changed, 5 insertions(+), 2 deletions(-)



  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/05/17605/1

diff --git a/main/config.c b/main/config.c
index 46f05aa..c5e42fa 100644
--- a/main/config.c
+++ b/main/config.c
@@ -3384,16 +3384,19 @@
 	struct ast_config_engine *eng;
 	char db[256];
 	char table[256];
-	va_list ap;
+	va_list ap, aq;
 	int res = -1, i;
 
 	va_start(ap, family);
 	for (i = 1; ; i++) {
 		if ((eng = find_engine(family, i, db, sizeof(db), table, sizeof(table)))) {
+			va_copy(aq, ap);
 			/* If the require succeeds, it returns 0. */
-			if (eng->require_func && !(res = eng->require_func(db, table, ap))) {
+			if (eng->require_func && !(res = eng->require_func(db, table, aq))) {
+				va_end(aq);
 				break;
 			}
+			va_end(aq);
 		} else {
 			break;
 		}

-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/17605
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: 19
Gerrit-Change-Id: I555565a72af84e96d49f62fe8cb66ba5a78461f4
Gerrit-Change-Number: 17605
Gerrit-PatchSet: 1
Gerrit-Owner: Sean Bright <sean at seanbright.com>
Gerrit-MessageType: newchange
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20211128/0bf991a3/attachment.html>