<p>George Joseph <strong>merged</strong> this change.</p><p><a href="https://gerrit.asterisk.org/c/asterisk/+/11670">View Change</a></p><div style="white-space:pre-wrap">Approvals:
Joshua Colp: Looks good to me, but someone else must approve
George Joseph: Looks good to me, approved; Approved for Submit
</div><pre style="font-family: monospace,monospace; white-space: pre-wrap;">various modules: json integer overflow<br><br>There were still a few places in the code that could overflow when "packing"<br>a json object with a value outside the base type integer's range. For instance:<br><br>unsigned int value = INT_MAX + 1<br>ast_json_pack("{s: i}", value);<br><br>would result in a negative number being "packed". In those situations this patch<br>alters those values to a ast_json_int_t, which widens the value up to a long or<br>long long.<br><br>ASTERISK-28480<br><br>Change-Id: Ied530780d83e6f1772adba0e28d8938ef30c49a1<br>---<br>M apps/app_agent_pool.c<br>M apps/app_queue.c<br>M channels/chan_iax2.c<br>M funcs/func_talkdetect.c<br>M main/aoc.c<br>M main/ccss.c<br>M main/channel.c<br>M main/core_local.c<br>M main/rtp_engine.c<br>M main/stasis_channels.c<br>10 files changed, 38 insertions(+), 38 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/apps/app_agent_pool.c b/apps/app_agent_pool.c</span><br><span>index 5bd6a4d..423293e 100644</span><br><span>--- a/apps/app_agent_pool.c</span><br><span>+++ b/apps/app_agent_pool.c</span><br><span>@@ -1457,9 +1457,9 @@</span><br><span> </span><br><span> ast_assert(agent != NULL);</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- blob = ast_json_pack("{s: s, s: i}",</span><br><span style="color: hsl(120, 100%, 40%);">+ blob = ast_json_pack("{s: s, s: I}",</span><br><span> "agent", agent,</span><br><span style="color: hsl(0, 100%, 40%);">- "logintime", logintime);</span><br><span style="color: hsl(120, 100%, 40%);">+ "logintime", (ast_json_int_t)logintime);</span><br><span> if (!blob) {</span><br><span> return;</span><br><span> }</span><br><span>diff --git a/apps/app_queue.c b/apps/app_queue.c</span><br><span>index ddb34c9..81289be 100644</span><br><span>--- a/apps/app_queue.c</span><br><span>+++ b/apps/app_queue.c</span><br><span>@@ -5898,12 +5898,12 @@</span><br><span> break;</span><br><span> }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- blob = ast_json_pack("{s: s, s: s, s: s, s: i, s: i, s: s}",</span><br><span style="color: hsl(120, 100%, 40%);">+ blob = ast_json_pack("{s: s, s: s, s: s, s: I, s: I, s: s}",</span><br><span> "Queue", queuename,</span><br><span> "Interface", member->interface,</span><br><span> "MemberName", member->membername,</span><br><span style="color: hsl(0, 100%, 40%);">- "HoldTime", (long)(callstart - holdstart),</span><br><span style="color: hsl(0, 100%, 40%);">- "TalkTime", (long)(time(NULL) - callstart),</span><br><span style="color: hsl(120, 100%, 40%);">+ "HoldTime", (ast_json_int_t)(callstart - holdstart),</span><br><span style="color: hsl(120, 100%, 40%);">+ "TalkTime", (ast_json_int_t)(time(NULL) - callstart),</span><br><span> "Reason", reason ?: "");</span><br><span> </span><br><span> queue_publish_multi_channel_snapshot_blob(ast_queue_topic(queuename), caller, peer,</span><br><span>@@ -7174,12 +7174,12 @@</span><br><span> ast_queue_log(queuename, ast_channel_uniqueid(qe->chan), member->membername, "CONNECT", "%ld|%s|%ld", (long) (time(NULL) - qe->start), ast_channel_uniqueid(peer),</span><br><span> (long)(orig - to > 0 ? (orig - to) / 1000 : 0));</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- blob = ast_json_pack("{s: s, s: s, s: s, s: i, s: i}",</span><br><span style="color: hsl(120, 100%, 40%);">+ blob = ast_json_pack("{s: s, s: s, s: s, s: I, s: I}",</span><br><span> "Queue", queuename,</span><br><span> "Interface", member->interface,</span><br><span> "MemberName", member->membername,</span><br><span style="color: hsl(0, 100%, 40%);">- "HoldTime", (long) (time(NULL) - qe->start),</span><br><span style="color: hsl(0, 100%, 40%);">- "RingTime", (long)(orig - to > 0 ? (orig - to) / 1000 : 0));</span><br><span style="color: hsl(120, 100%, 40%);">+ "HoldTime", (ast_json_int_t)(time(NULL) - qe->start),</span><br><span style="color: hsl(120, 100%, 40%);">+ "RingTime", (ast_json_int_t)(orig - to > 0 ? (orig - to) / 1000 : 0));</span><br><span> queue_publish_multi_channel_blob(qe->chan, peer, queue_agent_connect_type(), blob);</span><br><span> </span><br><span> ast_copy_string(oldcontext, ast_channel_context(qe->chan), sizeof(oldcontext));</span><br><span>diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c</span><br><span>index 30f9496..add593d 100644</span><br><span>--- a/channels/chan_iax2.c</span><br><span>+++ b/channels/chan_iax2.c</span><br><span>@@ -11111,18 +11111,18 @@</span><br><span> if (iaxs[fr->callno]->pingtime <= peer->maxms) {</span><br><span> ast_log(LOG_NOTICE, "Peer '%s' is now REACHABLE! Time: %u\n", peer->name, iaxs[fr->callno]->pingtime);</span><br><span> ast_endpoint_set_state(peer->endpoint, AST_ENDPOINT_ONLINE);</span><br><span style="color: hsl(0, 100%, 40%);">- blob = ast_json_pack("{s: s, s: i}",</span><br><span style="color: hsl(120, 100%, 40%);">+ blob = ast_json_pack("{s: s, s: I}",</span><br><span> "peer_status", "Reachable",</span><br><span style="color: hsl(0, 100%, 40%);">- "time", iaxs[fr->callno]->pingtime);</span><br><span style="color: hsl(120, 100%, 40%);">+ "time", (ast_json_int_t)iaxs[fr->callno]->pingtime);</span><br><span> ast_devstate_changed(AST_DEVICE_NOT_INUSE, AST_DEVSTATE_CACHABLE, "IAX2/%s", peer->name); /* Activate notification */</span><br><span> }</span><br><span> } else if ((peer->historicms > 0) && (peer->historicms <= peer->maxms)) {</span><br><span> if (iaxs[fr->callno]->pingtime > peer->maxms) {</span><br><span> ast_log(LOG_NOTICE, "Peer '%s' is now TOO LAGGED (%u ms)!\n", peer->name, iaxs[fr->callno]->pingtime);</span><br><span> ast_endpoint_set_state(peer->endpoint, AST_ENDPOINT_ONLINE);</span><br><span style="color: hsl(0, 100%, 40%);">- blob = ast_json_pack("{s: s, s: i}",</span><br><span style="color: hsl(120, 100%, 40%);">+ blob = ast_json_pack("{s: s, s: I}",</span><br><span> "peer_status", "Lagged",</span><br><span style="color: hsl(0, 100%, 40%);">- "time", iaxs[fr->callno]->pingtime);</span><br><span style="color: hsl(120, 100%, 40%);">+ "time", (ast_json_int_t)iaxs[fr->callno]->pingtime);</span><br><span> ast_devstate_changed(AST_DEVICE_UNAVAILABLE, AST_DEVSTATE_CACHABLE, "IAX2/%s", peer->name); /* Activate notification */</span><br><span> }</span><br><span> }</span><br><span>diff --git a/funcs/func_talkdetect.c b/funcs/func_talkdetect.c</span><br><span>index 5c7f41a..bb61bb0 100644</span><br><span>--- a/funcs/func_talkdetect.c</span><br><span>+++ b/funcs/func_talkdetect.c</span><br><span>@@ -203,7 +203,7 @@</span><br><span> int64_t diff_ms = ast_tvdiff_ms(ast_tvnow(), td_params->talking_start);</span><br><span> diff_ms -= td_params->dsp_silence_threshold;</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- blob = ast_json_pack("{s: i}", "duration", diff_ms);</span><br><span style="color: hsl(120, 100%, 40%);">+ blob = ast_json_pack("{s: I}", "duration", (ast_json_int_t)diff_ms);</span><br><span> if (!blob) {</span><br><span> return 1;</span><br><span> }</span><br><span>diff --git a/main/aoc.c b/main/aoc.c</span><br><span>index b8cf301..64f3c1d 100644</span><br><span>--- a/main/aoc.c</span><br><span>+++ b/main/aoc.c</span><br><span>@@ -1738,13 +1738,13 @@</span><br><span> decoded->aoc_s_entries[i].rate.duration.amount,</span><br><span> decoded->aoc_s_entries[i].rate.duration.multiplier);</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- time = ast_json_pack("{s:i, s:i}",</span><br><span style="color: hsl(0, 100%, 40%);">- "Length", decoded->aoc_s_entries[i].rate.duration.time,</span><br><span style="color: hsl(120, 100%, 40%);">+ time = ast_json_pack("{s:I, s:i}",</span><br><span style="color: hsl(120, 100%, 40%);">+ "Length", (ast_json_int_t)decoded->aoc_s_entries[i].rate.duration.time,</span><br><span> "Scale", decoded->aoc_s_entries[i].rate.duration.time_scale);</span><br><span> </span><br><span> if (decoded->aoc_s_entries[i].rate.duration.granularity_time) {</span><br><span style="color: hsl(0, 100%, 40%);">- granularity = ast_json_pack("{s:i, s:i}",</span><br><span style="color: hsl(0, 100%, 40%);">- "Length", decoded->aoc_s_entries[i].rate.duration.granularity_time,</span><br><span style="color: hsl(120, 100%, 40%);">+ granularity = ast_json_pack("{s:I, s:i}",</span><br><span style="color: hsl(120, 100%, 40%);">+ "Length", (ast_json_int_t)decoded->aoc_s_entries[i].rate.duration.granularity_time,</span><br><span> "Scale", decoded->aoc_s_entries[i].rate.duration.granularity_time_scale);</span><br><span> }</span><br><span> </span><br><span>diff --git a/main/ccss.c b/main/ccss.c</span><br><span>index 52ec586..553897b 100644</span><br><span>--- a/main/ccss.c</span><br><span>+++ b/main/ccss.c</span><br><span>@@ -1076,9 +1076,9 @@</span><br><span> {</span><br><span> struct ast_json *extras;</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- extras = ast_json_pack("{s: s, s: i}",</span><br><span style="color: hsl(120, 100%, 40%);">+ extras = ast_json_pack("{s: s, s: I}",</span><br><span> "caller", caller,</span><br><span style="color: hsl(0, 100%, 40%);">- "expires", expires);</span><br><span style="color: hsl(120, 100%, 40%);">+ "expires", (ast_json_int_t)expires);</span><br><span> </span><br><span> cc_publish(ast_cc_offertimerstart_type(), core_id, extras);</span><br><span> ast_json_unref(extras);</span><br><span>diff --git a/main/channel.c b/main/channel.c</span><br><span>index be88a3b..f096087 100644</span><br><span>--- a/main/channel.c</span><br><span>+++ b/main/channel.c</span><br><span>@@ -3328,10 +3328,10 @@</span><br><span> RAII_VAR(struct ast_json *, blob, NULL, ast_json_unref);</span><br><span> char digit_str[] = { digit, '\0' };</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- blob = ast_json_pack("{ s: s, s: s, s: i }",</span><br><span style="color: hsl(120, 100%, 40%);">+ blob = ast_json_pack("{ s: s, s: s, s: I }",</span><br><span> "digit", digit_str,</span><br><span> "direction", dtmf_direction_to_string(direction),</span><br><span style="color: hsl(0, 100%, 40%);">- "duration_ms", duration_ms);</span><br><span style="color: hsl(120, 100%, 40%);">+ "duration_ms", (ast_json_int_t)duration_ms);</span><br><span> if (!blob) {</span><br><span> return;</span><br><span> }</span><br><span>diff --git a/main/core_local.c b/main/core_local.c</span><br><span>index f56aac7..ae28106 100644</span><br><span>--- a/main/core_local.c</span><br><span>+++ b/main/core_local.c</span><br><span>@@ -394,8 +394,8 @@</span><br><span> return;</span><br><span> }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- json_object = ast_json_pack("{s: i, s: i}",</span><br><span style="color: hsl(0, 100%, 40%);">- "dest", dest, "id", id);</span><br><span style="color: hsl(120, 100%, 40%);">+ json_object = ast_json_pack("{s: i, s: I}",</span><br><span style="color: hsl(120, 100%, 40%);">+ "dest", dest, "id", (ast_json_int_t)id);</span><br><span> </span><br><span> if (!json_object) {</span><br><span> return;</span><br><span>@@ -436,7 +436,7 @@</span><br><span> return;</span><br><span> }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- json_object = ast_json_pack("{s: i, s: i}", "success", success, "id", id);</span><br><span style="color: hsl(120, 100%, 40%);">+ json_object = ast_json_pack("{s: i, s: I}", "success", success, "id", (ast_json_int_t)id);</span><br><span> </span><br><span> if (!json_object) {</span><br><span> return;</span><br><span>diff --git a/main/rtp_engine.c b/main/rtp_engine.c</span><br><span>index f409bc2..2153a8f 100644</span><br><span>--- a/main/rtp_engine.c</span><br><span>+++ b/main/rtp_engine.c</span><br><span>@@ -3394,14 +3394,14 @@</span><br><span> char str_lsr[32];</span><br><span> </span><br><span> snprintf(str_lsr, sizeof(str_lsr), "%u", payload->report->report_block[i]->lsr);</span><br><span style="color: hsl(0, 100%, 40%);">- json_report_block = ast_json_pack("{s: I, s: i, s: i, s: i, s: i, s: s, s: i}",</span><br><span style="color: hsl(120, 100%, 40%);">+ json_report_block = ast_json_pack("{s: I, s: I, s: I, s: I, s: I, s: s, s: I}",</span><br><span> "source_ssrc", (ast_json_int_t)payload->report->report_block[i]->source_ssrc,</span><br><span style="color: hsl(0, 100%, 40%);">- "fraction_lost", payload->report->report_block[i]->lost_count.fraction,</span><br><span style="color: hsl(0, 100%, 40%);">- "packets_lost", payload->report->report_block[i]->lost_count.packets,</span><br><span style="color: hsl(0, 100%, 40%);">- "highest_seq_no", payload->report->report_block[i]->highest_seq_no,</span><br><span style="color: hsl(0, 100%, 40%);">- "ia_jitter", payload->report->report_block[i]->ia_jitter,</span><br><span style="color: hsl(120, 100%, 40%);">+ "fraction_lost", (ast_json_int_t)payload->report->report_block[i]->lost_count.fraction,</span><br><span style="color: hsl(120, 100%, 40%);">+ "packets_lost", (ast_json_int_t)payload->report->report_block[i]->lost_count.packets,</span><br><span style="color: hsl(120, 100%, 40%);">+ "highest_seq_no", (ast_json_int_t)payload->report->report_block[i]->highest_seq_no,</span><br><span style="color: hsl(120, 100%, 40%);">+ "ia_jitter", (ast_json_int_t)payload->report->report_block[i]->ia_jitter,</span><br><span> "lsr", str_lsr,</span><br><span style="color: hsl(0, 100%, 40%);">- "dlsr", payload->report->report_block[i]->dlsr);</span><br><span style="color: hsl(120, 100%, 40%);">+ "dlsr", (ast_json_int_t)payload->report->report_block[i]->dlsr);</span><br><span> if (!json_report_block</span><br><span> || ast_json_array_append(json_rtcp_report_blocks, json_report_block)) {</span><br><span> ast_json_unref(json_rtcp_report_blocks);</span><br><span>@@ -3415,21 +3415,21 @@</span><br><span> </span><br><span> snprintf(sec, sizeof(sec), "%lu", (unsigned long)payload->report->sender_information.ntp_timestamp.tv_sec);</span><br><span> snprintf(usec, sizeof(usec), "%lu", (unsigned long)payload->report->sender_information.ntp_timestamp.tv_usec);</span><br><span style="color: hsl(0, 100%, 40%);">- json_rtcp_sender_info = ast_json_pack("{s: s, s: s, s: i, s: i, s: i}",</span><br><span style="color: hsl(120, 100%, 40%);">+ json_rtcp_sender_info = ast_json_pack("{s: s, s: s, s: I, s: I, s: I}",</span><br><span> "ntp_timestamp_sec", sec,</span><br><span> "ntp_timestamp_usec", usec,</span><br><span style="color: hsl(0, 100%, 40%);">- "rtp_timestamp", payload->report->sender_information.rtp_timestamp,</span><br><span style="color: hsl(0, 100%, 40%);">- "packets", payload->report->sender_information.packet_count,</span><br><span style="color: hsl(0, 100%, 40%);">- "octets", payload->report->sender_information.octet_count);</span><br><span style="color: hsl(120, 100%, 40%);">+ "rtp_timestamp", (ast_json_int_t)payload->report->sender_information.rtp_timestamp,</span><br><span style="color: hsl(120, 100%, 40%);">+ "packets", (ast_json_int_t)payload->report->sender_information.packet_count,</span><br><span style="color: hsl(120, 100%, 40%);">+ "octets", (ast_json_int_t)payload->report->sender_information.octet_count);</span><br><span> if (!json_rtcp_sender_info) {</span><br><span> ast_json_unref(json_rtcp_report_blocks);</span><br><span> return NULL;</span><br><span> }</span><br><span> }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- json_rtcp_report = ast_json_pack("{s: I, s: i, s: i, s: o, s: o}",</span><br><span style="color: hsl(120, 100%, 40%);">+ json_rtcp_report = ast_json_pack("{s: I, s: I, s: i, s: o, s: o}",</span><br><span> "ssrc", (ast_json_int_t)payload->report->ssrc,</span><br><span style="color: hsl(0, 100%, 40%);">- "type", payload->report->type,</span><br><span style="color: hsl(120, 100%, 40%);">+ "type", (ast_json_int_t)payload->report->type,</span><br><span> "report_count", payload->report->reception_report_count,</span><br><span> "sender_information", json_rtcp_sender_info ?: ast_json_null(),</span><br><span> "report_blocks", json_rtcp_report_blocks);</span><br><span>diff --git a/main/stasis_channels.c b/main/stasis_channels.c</span><br><span>index be77cb9..12c8f44 100644</span><br><span>--- a/main/stasis_channels.c</span><br><span>+++ b/main/stasis_channels.c</span><br><span>@@ -1408,11 +1408,11 @@</span><br><span> return NULL;</span><br><span> }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- return ast_json_pack("{s: s, s: o, s: s, s: i, s: o}",</span><br><span style="color: hsl(120, 100%, 40%);">+ return ast_json_pack("{s: s, s: o, s: s, s: I, s: o}",</span><br><span> "type", "ChannelDtmfReceived",</span><br><span> "timestamp", ast_json_timeval(*tv, NULL),</span><br><span> "digit", digit,</span><br><span style="color: hsl(0, 100%, 40%);">- "duration_ms", duration_ms,</span><br><span style="color: hsl(120, 100%, 40%);">+ "duration_ms", (ast_json_int_t)duration_ms,</span><br><span> "channel", json_channel);</span><br><span> }</span><br><span> </span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/c/asterisk/+/11670">change 11670</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/c/asterisk/+/11670"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: master </div>
<div style="display:none"> Gerrit-Change-Id: Ied530780d83e6f1772adba0e28d8938ef30c49a1 </div>
<div style="display:none"> Gerrit-Change-Number: 11670 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Kevin Harwell <kharwell@digium.com> </div>
<div style="display:none"> Gerrit-Reviewer: Friendly Automation </div>
<div style="display:none"> Gerrit-Reviewer: George Joseph <gjoseph@digium.com> </div>
<div style="display:none"> Gerrit-Reviewer: Joshua Colp <jcolp@digium.com> </div>
<div style="display:none"> Gerrit-MessageType: merged </div>