[Asterisk-code-review] stasis_recording: Perform a complete match on requested filename. (asterisk[master])

Wed Mar 23 18:08:19 CDT 2022

Kevin Harwell has submitted this change. ( https://gerrit.asterisk.org/c/asterisk/+/18208 )

Change subject: stasis_recording: Perform a complete match on requested filename.
......................................................................

stasis_recording: Perform a complete match on requested filename.

Using the length of a file found on the filesystem rather than the
file being requested could result in filenames whose names are
substrings of another to be erroneously matched.

We now ensure a complete comparison before returning a positive
result.

ASTERISK-29960 #close

Change-Id: Id3ffc77681b9b75b8569062f3d952a128a21c71a
---
M res/stasis_recording/stored.c
1 file changed, 5 insertions(+), 1 deletion(-)

Approvals:
  Joshua Colp: Looks good to me, but someone else must approve
  Benjamin Keith Ford: Looks good to me, approved
  Kevin Harwell: Approved for Submit

diff --git a/res/stasis_recording/stored.c b/res/stasis_recording/stored.c
index 6cdca96..9e9ae58 100644
--- a/res/stasis_recording/stored.c
+++ b/res/stasis_recording/stored.c
@@ -130,6 +130,7 @@
 
 struct match_recording_data {
 	const char *file;
+	size_t length;
 	char *file_with_ext;
 };
 
@@ -160,7 +161,9 @@
 	int num;
 
 	/* If not a recording or the names do not match the keep searching */
-	if (!(num = is_recording(filename)) || strncmp(data->file, filename, num)) {
+	if (!(num = is_recording(filename))
+	   || data->length != num
+	   || strncmp(data->file, filename, num)) {
 		return 0;
 	}
 
@@ -186,6 +189,7 @@
 {
 	struct match_recording_data data = {
 		.file = file,
+		.length = strlen(file),
 		.file_with_ext = NULL
 	};
 

-- 
To view, visit https://gerrit.asterisk.org/c/asterisk/+/18208
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Change-Id: Id3ffc77681b9b75b8569062f3d952a128a21c71a
Gerrit-Change-Number: 18208
Gerrit-PatchSet: 2
Gerrit-Owner: Sean Bright <sean at seanbright.com>
Gerrit-Reviewer: Benjamin Keith Ford <bford at digium.com>
Gerrit-Reviewer: Friendly Automation
Gerrit-Reviewer: Joshua Colp <jcolp at sangoma.com>
Gerrit-Reviewer: Kevin Harwell <kharwell at digium.com>
Gerrit-MessageType: merged
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20220323/7ae14ccf/attachment.html>
