[Asterisk-code-review] config.c: Prevent UB in ast_realtime_require_field. (asterisk[master])
Friendly Automation
asteriskteam at digium.com
Tue Nov 30 09:48:24 CST 2021
Friendly Automation has submitted this change. ( https://gerrit.asterisk.org/c/asterisk/+/17606 )
Change subject: config.c: Prevent UB in ast_realtime_require_field.
......................................................................
config.c: Prevent UB in ast_realtime_require_field.
A backend's implementation of the realtime 'require' function may call
va_arg() and then fail, leaving the va_list in an undefined
state. Pass a copy of the va_list instead.
ASTERISK-29771 #close
Change-Id: I555565a72af84e96d49f62fe8cb66ba5a78461f4
---
M main/config.c
1 file changed, 5 insertions(+), 2 deletions(-)
Approvals:
Benjamin Keith Ford: Looks good to me, but someone else must approve
George Joseph: Looks good to me, approved
Friendly Automation: Approved for Submit
diff --git a/main/config.c b/main/config.c
index 46f05aa..c5e42fa 100644
--- a/main/config.c
+++ b/main/config.c
@@ -3384,16 +3384,19 @@
struct ast_config_engine *eng;
char db[256];
char table[256];
- va_list ap;
+ va_list ap, aq;
int res = -1, i;
va_start(ap, family);
for (i = 1; ; i++) {
if ((eng = find_engine(family, i, db, sizeof(db), table, sizeof(table)))) {
+ va_copy(aq, ap);
/* If the require succeeds, it returns 0. */
- if (eng->require_func && !(res = eng->require_func(db, table, ap))) {
+ if (eng->require_func && !(res = eng->require_func(db, table, aq))) {
+ va_end(aq);
break;
}
+ va_end(aq);
} else {
break;
}
--
To view, visit https://gerrit.asterisk.org/c/asterisk/+/17606
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings
Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Change-Id: I555565a72af84e96d49f62fe8cb66ba5a78461f4
Gerrit-Change-Number: 17606
Gerrit-PatchSet: 3
Gerrit-Owner: Sean Bright <sean at seanbright.com>
Gerrit-Reviewer: Benjamin Keith Ford <bford at digium.com>
Gerrit-Reviewer: Friendly Automation
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>
Gerrit-MessageType: merged
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20211130/224b79e2/attachment.html>
More information about the asterisk-code-review
mailing list