[asterisk-commits] murf: branch 1.4 r59069 - in /branches/1.4:
apps/ include/asterisk/ pbx/
asterisk-commits at lists.digium.com
asterisk-commits at lists.digium.com
Tue Mar 20 10:43:03 MST 2007
Author: murf
Date: Tue Mar 20 12:43:02 2007
New Revision: 59069
URL: http://svn.digium.com/view/asterisk?view=rev&rev=59069
Log:
The fix for the AEL <<security hole>> (bug 9316) is here...
Modified:
branches/1.4/apps/app_stack.c
branches/1.4/include/asterisk/ael_structs.h
branches/1.4/pbx/pbx_ael.c
Modified: branches/1.4/apps/app_stack.c
URL: http://svn.digium.com/view/asterisk/branches/1.4/apps/app_stack.c?view=diff&rev=59069&r1=59068&r2=59069
==============================================================================
--- branches/1.4/apps/app_stack.c (original)
+++ branches/1.4/apps/app_stack.c Tue Mar 20 12:43:02 2007
@@ -1,7 +1,7 @@
/*
* Asterisk -- An open source telephony toolkit.
*
- * Copyright (c) 2004-2006 Tilghman Lesher <app_stack_v002 at the-tilghman.com>.
+ * Copyright (c) 2004-2006 Tilghman Lesher <app_stack_v003 at the-tilghman.com>.
*
* This code is released by the author with no restrictions on usage.
*
@@ -20,7 +20,7 @@
*
* \brief Stack applications Gosub, Return, etc.
*
- * \author Tilghman Lesher <app_stack_v002 at the-tilghman.com>
+ * \author Tilghman Lesher <app_stack_v003 at the-tilghman.com>
*
* \ingroup applications
*/
@@ -41,9 +41,9 @@
#include "asterisk/pbx.h"
#include "asterisk/module.h"
#include "asterisk/config.h"
+#include "asterisk/app.h"
#define STACKVAR "~GOSUB~STACK~"
-
static const char *app_gosub = "Gosub";
static const char *app_gosubif = "GosubIf";
@@ -56,63 +56,219 @@
static const char *pop_synopsis = "Remove one address from gosub stack";
static const char *gosub_descrip =
-"Gosub([[context|]exten|]priority)\n"
+"Gosub([[context|]exten|]priority[(arg1[|...][|argN])])\n"
" Jumps to the label specified, saving the return address.\n";
static const char *gosubif_descrip =
-"GosubIf(condition?labeliftrue[:labeliffalse])\n"
+"GosubIf(condition?labeliftrue[(arg1[|...])][:labeliffalse[(arg1[|...])]])\n"
" If the condition is true, then jump to labeliftrue. If false, jumps to\n"
"labeliffalse, if specified. In either case, a jump saves the return point\n"
"in the dialplan, to be returned to with a Return.\n";
static const char *return_descrip =
-"Return()\n"
-" Jumps to the last label on the stack, removing it.\n";
+"Return([return-value])\n"
+" Jumps to the last label on the stack, removing it. The return value, if\n"
+"any, is saved in the channel variable GOSUB_RETVAL.\n";
static const char *pop_descrip =
"StackPop()\n"
" Removes last label on the stack, discarding it.\n";
+static void gosub_free(void *data);
+
+static struct ast_datastore_info stack_info = {
+ .type = "GOSUB",
+ .destroy = gosub_free,
+};
+
+struct gosub_stack_frame {
+ AST_LIST_ENTRY(gosub_stack_frame) entries;
+ /* 100 arguments is all that we support anyway, but this will handle up to 255 */
+ unsigned char arguments;
+ int priority;
+ char *context;
+ char extension[0];
+};
+
+static void gosub_release_frame(struct ast_channel *chan, struct gosub_stack_frame *frame)
+{
+ unsigned char i;
+ char argname[15];
+
+ /* If chan is not defined, then we're calling it as part of gosub_free,
+ * and the channel variables will be deallocated anyway. Otherwise, we're
+ * just releasing a single frame, so we need to clean up the arguments for
+ * that frame, so that we re-expose the variables from the previous frame
+ * that were hidden by this one.
+ */
+ if (chan) {
+ for (i = 1; i <= frame->arguments && i != 0; i++) {
+ snprintf(argname, sizeof(argname), "ARG%hhd", i);
+ pbx_builtin_setvar_helper(chan, argname, NULL);
+ }
+ }
+ ast_free(frame);
+}
+
+static struct gosub_stack_frame *gosub_allocate_frame(const char *context, const char *extension, int priority, unsigned char arguments)
+{
+ struct gosub_stack_frame *new = NULL;
+ int len_extension = strlen(extension), len_context = strlen(context);
+
+ if ((new = ast_calloc(1, sizeof(*new) + 2 + len_extension + len_context))) {
+ strcpy(new->extension, extension);
+ new->context = new->extension + len_extension + 1;
+ strcpy(new->context, context);
+ new->priority = priority;
+ new->arguments = arguments;
+ }
+ return new;
+}
+
+static void gosub_free(void *data)
+{
+ AST_LIST_HEAD(, gosub_stack_frame) *oldlist = data;
+ struct gosub_stack_frame *oldframe;
+ AST_LIST_LOCK(oldlist);
+ while ((oldframe = AST_LIST_REMOVE_HEAD(oldlist, entries))) {
+ gosub_release_frame(NULL, oldframe);
+ }
+ AST_LIST_UNLOCK(oldlist);
+ AST_LIST_HEAD_DESTROY(oldlist);
+ ast_free(oldlist);
+}
+
static int pop_exec(struct ast_channel *chan, void *data)
{
- pbx_builtin_setvar_helper(chan, STACKVAR, NULL);
+ struct ast_datastore *stack_store = ast_channel_datastore_find(chan, &stack_info, NULL);
+ struct gosub_stack_frame *oldframe;
+ AST_LIST_HEAD(, gosub_stack_frame) *oldlist;
+
+ if (!stack_store) {
+ ast_log(LOG_WARNING, "%s called with no gosub stack allocated.\n", app_pop);
+ return 0;
+ }
+
+ oldlist = stack_store->data;
+ AST_LIST_LOCK(oldlist);
+ oldframe = AST_LIST_REMOVE_HEAD(oldlist, entries);
+ AST_LIST_UNLOCK(oldlist);
+
+ if (oldframe)
+ gosub_release_frame(chan, oldframe);
+ else if (option_debug)
+ ast_log(LOG_DEBUG, "%s called with an empty gosub stack\n", app_pop);
return 0;
}
static int return_exec(struct ast_channel *chan, void *data)
{
- const char *label = pbx_builtin_getvar_helper(chan, STACKVAR);
-
- if (ast_strlen_zero(label)) {
+ struct ast_datastore *stack_store = ast_channel_datastore_find(chan, &stack_info, NULL);
+ struct gosub_stack_frame *oldframe;
+ AST_LIST_HEAD(, gosub_stack_frame) *oldlist;
+ char *retval = data;
+
+ if (!stack_store) {
+ ast_log(LOG_ERROR, "Return without Gosub: stack is unallocated\n");
+ return -1;
+ }
+
+ oldlist = stack_store->data;
+ AST_LIST_LOCK(oldlist);
+ oldframe = AST_LIST_REMOVE_HEAD(oldlist, entries);
+ AST_LIST_UNLOCK(oldlist);
+
+ if (!oldframe) {
ast_log(LOG_ERROR, "Return without Gosub: stack is empty\n");
return -1;
- } else if (ast_parseable_goto(chan, label)) {
- ast_log(LOG_WARNING, "No next statement after Gosub?\n");
+ }
+
+ ast_explicit_goto(chan, oldframe->context, oldframe->extension, oldframe->priority);
+ gosub_release_frame(chan, oldframe);
+
+ /* Set a return value, if any */
+ pbx_builtin_setvar_helper(chan, "GOSUB_RETVAL", S_OR(retval, ""));
+ return 0;
+}
+
+static int gosub_exec(struct ast_channel *chan, void *data)
+{
+ struct ast_datastore *stack_store = ast_channel_datastore_find(chan, &stack_info, NULL);
+ AST_LIST_HEAD(, gosub_stack_frame) *oldlist;
+ struct gosub_stack_frame *newframe;
+ char argname[15], *tmp = ast_strdupa(data), *label, *endparen;
+ int i;
+ struct ast_module_user *u;
+ AST_DECLARE_APP_ARGS(args2,
+ AST_APP_ARG(argval)[100];
+ );
+
+ if (ast_strlen_zero(data)) {
+ ast_log(LOG_ERROR, "%s requires an argument: %s([[context|]exten|]priority[(arg1[|...][|argN])])\n", app_gosub, app_gosub);
return -1;
}
- pbx_builtin_setvar_helper(chan, STACKVAR, NULL);
- return 0;
-}
-
-static int gosub_exec(struct ast_channel *chan, void *data)
-{
- char newlabel[AST_MAX_EXTENSION * 2 + 3 + 11];
- struct ast_module_user *u;
-
- if (ast_strlen_zero(data)) {
- ast_log(LOG_ERROR, "%s requires an argument: %s([[context|]exten|]priority)\n", app_gosub, app_gosub);
- return -1;
- }
-
u = ast_module_user_add(chan);
- snprintf(newlabel, sizeof(newlabel), "%s|%s|%d", chan->context, chan->exten, chan->priority + 1);
-
- if (ast_parseable_goto(chan, data)) {
+
+ if (!stack_store) {
+ if (option_debug)
+ ast_log(LOG_DEBUG, "Channel %s has no datastore, so we're allocating one.\n", chan->name);
+ stack_store = ast_channel_datastore_alloc(&stack_info, NULL);
+ if (!stack_store) {
+ ast_log(LOG_ERROR, "Unable to allocate new datastore. Gosub will fail.\n");
+ ast_module_user_remove(u);
+ return -1;
+ }
+
+ oldlist = ast_calloc(1, sizeof(*oldlist));
+ if (!oldlist) {
+ ast_log(LOG_ERROR, "Unable to allocate datastore list head. Gosub will fail.\n");
+ ast_channel_datastore_free(stack_store);
+ ast_module_user_remove(u);
+ return -1;
+ }
+
+ stack_store->data = oldlist;
+ AST_LIST_HEAD_INIT(oldlist);
+ ast_channel_datastore_add(chan, stack_store);
+ }
+
+ /* Separate the arguments from the label */
+ /* NOTE: you cannot use ast_app_separate_args for this, because '(' cannot be used as a delimiter. */
+ label = strsep(&tmp, "(");
+ if (tmp) {
+ endparen = strrchr(tmp, ')');
+ if (endparen)
+ *endparen = '\0';
+ else
+ ast_log(LOG_WARNING, "Ouch. No closing paren: '%s'?\n", (char *)data);
+ AST_STANDARD_APP_ARGS(args2, tmp);
+ } else
+ args2.argc = 0;
+
+ /* Create the return address, but don't save it until we know that the Gosub destination exists */
+ newframe = gosub_allocate_frame(chan->context, chan->exten, chan->priority + 1, args2.argc);
+
+ if (ast_parseable_goto(chan, label)) {
+ ast_log(LOG_ERROR, "Gosub address is invalid: '%s'\n", (char *)data);
+ ast_free(newframe);
ast_module_user_remove(u);
return -1;
}
- pbx_builtin_pushvar_helper(chan, STACKVAR, newlabel);
+ /* Now that we know for certain that we're going to a new location, set our arguments */
+ for (i = 0; i < args2.argc; i++) {
+ snprintf(argname, sizeof(argname), "ARG%d", i + 1);
+ pbx_builtin_pushvar_helper(chan, argname, args2.argval[i]);
+ if (option_debug)
+ ast_log(LOG_DEBUG, "Setting '%s' to '%s'\n", argname, args2.argval[i]);
+ }
+
+ /* And finally, save our return address */
+ oldlist = stack_store->data;
+ AST_LIST_LOCK(oldlist);
+ AST_LIST_INSERT_HEAD(oldlist, newframe, entries);
+ AST_LIST_UNLOCK(oldlist);
+
ast_module_user_remove(u);
return 0;
@@ -121,28 +277,39 @@
static int gosubif_exec(struct ast_channel *chan, void *data)
{
struct ast_module_user *u;
- char *condition="", *label1, *label2, *args;
+ char *args;
int res=0;
+ AST_DECLARE_APP_ARGS(cond,
+ AST_APP_ARG(ition);
+ AST_APP_ARG(labels);
+ );
+ AST_DECLARE_APP_ARGS(label,
+ AST_APP_ARG(iftrue);
+ AST_APP_ARG(iffalse);
+ );
if (ast_strlen_zero(data)) {
- ast_log(LOG_WARNING, "GosubIf requires an argument\n");
+ ast_log(LOG_WARNING, "GosubIf requires an argument: GosubIf(cond?label1(args):label2(args)\n");
return 0;
}
+ u = ast_module_user_add(chan);
+
args = ast_strdupa(data);
-
- u = ast_module_user_add(chan);
-
- condition = strsep(&args, "?");
- label1 = strsep(&args, ":");
- label2 = args;
-
- if (pbx_checkcondition(condition)) {
- if (label1) {
- res = gosub_exec(chan, label1);
- }
- } else if (label2) {
- res = gosub_exec(chan, label2);
+ AST_NONSTANDARD_APP_ARGS(cond, args, '?');
+ if (cond.argc != 2) {
+ ast_log(LOG_WARNING, "GosubIf requires an argument: GosubIf(cond?label1(args):label2(args)\n");
+ ast_module_user_remove(u);
+ return 0;
+ }
+
+ AST_NONSTANDARD_APP_ARGS(label, cond.labels, ':');
+
+ if (pbx_checkcondition(cond.ition)) {
+ if (!ast_strlen_zero(label.iftrue))
+ res = gosub_exec(chan, label.iftrue);
+ } else if (!ast_strlen_zero(label.iffalse)) {
+ res = gosub_exec(chan, label.iffalse);
}
ast_module_user_remove(u);
Modified: branches/1.4/include/asterisk/ael_structs.h
URL: http://svn.digium.com/view/asterisk/branches/1.4/include/asterisk/ael_structs.h?view=diff&rev=59069&r1=59068&r2=59069
==============================================================================
--- branches/1.4/include/asterisk/ael_structs.h (original)
+++ branches/1.4/include/asterisk/ael_structs.h Tue Mar 20 12:43:02 2007
@@ -176,6 +176,7 @@
char *cidmatch;
char *hints;
int regexten;
+ int is_switch;
struct ast_context *context;
Modified: branches/1.4/pbx/pbx_ael.c
URL: http://svn.digium.com/view/asterisk/branches/1.4/pbx/pbx_ael.c?view=diff&rev=59069&r1=59068&r2=59069
==============================================================================
--- branches/1.4/pbx/pbx_ael.c (original)
+++ branches/1.4/pbx/pbx_ael.c Tue Mar 20 12:43:02 2007
@@ -3055,7 +3055,7 @@
switch_end = new_prio();
switch_test->type = AEL_APPCALL;
switch_end->type = AEL_APPCALL;
- snprintf(buf1,sizeof(buf1),"sw-%d-%s|1",control_statement_count, p->u1.str);
+ snprintf(buf1,sizeof(buf1),"sw-%d-%s|10",control_statement_count, p->u1.str);
switch_test->app = strdup("Goto");
switch_test->appargs = strdup(buf1);
snprintf(buf1,sizeof(buf1),"Finish switch-%s-%d", label, control_statement_count);
@@ -3077,6 +3077,7 @@
/* ok, generate a extension and link it in */
switch_case = new_exten();
switch_case->context = this_context;
+ switch_case->is_switch = 1;
/* the break/continue locations are inherited from parent */
switch_case->loop_break = exten->loop_break;
switch_case->loop_continue = exten->loop_continue;
@@ -3100,7 +3101,7 @@
fall_thru = new_prio();
fall_thru->type = AEL_APPCALL;
fall_thru->app = strdup("Goto");
- snprintf(buf1,sizeof(buf1),"sw-%d-%s|1",local_control_statement_count, p2->next->u1.str);
+ snprintf(buf1,sizeof(buf1),"sw-%d-%s|10",local_control_statement_count, p2->next->u1.str);
fall_thru->appargs = strdup(buf1);
linkprio(switch_case, fall_thru);
} else if (p2->next && p2->next->type == PV_PATTERN) {
@@ -3108,14 +3109,14 @@
fall_thru->type = AEL_APPCALL;
fall_thru->app = strdup("Goto");
gen_match_to_pattern(p2->next->u1.str, buf2);
- snprintf(buf1,sizeof(buf1),"sw-%d-%s|1", local_control_statement_count, buf2);
+ snprintf(buf1,sizeof(buf1),"sw-%d-%s|10", local_control_statement_count, buf2);
fall_thru->appargs = strdup(buf1);
linkprio(switch_case, fall_thru);
} else if (p2->next && p2->next->type == PV_DEFAULT) {
fall_thru = new_prio();
fall_thru->type = AEL_APPCALL;
fall_thru->app = strdup("Goto");
- snprintf(buf1,sizeof(buf1),"sw-%d-.|1",local_control_statement_count);
+ snprintf(buf1,sizeof(buf1),"sw-%d-.|10",local_control_statement_count);
fall_thru->appargs = strdup(buf1);
linkprio(switch_case, fall_thru);
} else if (!p2->next) {
@@ -3140,6 +3141,7 @@
/* ok, generate a extension and link it in */
switch_case = new_exten();
switch_case->context = this_context;
+ switch_case->is_switch = 1;
/* the break/continue locations are inherited from parent */
switch_case->loop_break = exten->loop_break;
switch_case->loop_continue = exten->loop_continue;
@@ -3162,7 +3164,7 @@
fall_thru = new_prio();
fall_thru->type = AEL_APPCALL;
fall_thru->app = strdup("Goto");
- snprintf(buf1,sizeof(buf1),"sw-%d-%s|1",local_control_statement_count, p2->next->u1.str);
+ snprintf(buf1,sizeof(buf1),"sw-%d-%s|10",local_control_statement_count, p2->next->u1.str);
fall_thru->appargs = strdup(buf1);
linkprio(switch_case, fall_thru);
} else if (p2->next && p2->next->type == PV_PATTERN) {
@@ -3170,14 +3172,14 @@
fall_thru->type = AEL_APPCALL;
fall_thru->app = strdup("Goto");
gen_match_to_pattern(p2->next->u1.str, buf2);
- snprintf(buf1,sizeof(buf1),"sw-%d-%s|1",local_control_statement_count, buf2);
+ snprintf(buf1,sizeof(buf1),"sw-%d-%s|10",local_control_statement_count, buf2);
fall_thru->appargs = strdup(buf1);
linkprio(switch_case, fall_thru);
} else if (p2->next && p2->next->type == PV_DEFAULT) {
fall_thru = new_prio();
fall_thru->type = AEL_APPCALL;
fall_thru->app = strdup("Goto");
- snprintf(buf1,sizeof(buf1),"sw-%d-.|1",local_control_statement_count);
+ snprintf(buf1,sizeof(buf1),"sw-%d-.|10",local_control_statement_count);
fall_thru->appargs = strdup(buf1);
linkprio(switch_case, fall_thru);
} else if (!p2->next) {
@@ -3203,6 +3205,7 @@
/* ok, generate a extension and link it in */
switch_case = new_exten();
switch_case->context = this_context;
+ switch_case->is_switch = 1;
/* the break/continue locations are inherited from parent */
switch_case->loop_break = exten->loop_break;
switch_case->loop_continue = exten->loop_continue;
@@ -3226,7 +3229,7 @@
fall_thru = new_prio();
fall_thru->type = AEL_APPCALL;
fall_thru->app = strdup("Goto");
- snprintf(buf1,sizeof(buf1),"sw-%d-%s|1",local_control_statement_count, p2->next->u1.str);
+ snprintf(buf1,sizeof(buf1),"sw-%d-%s|10",local_control_statement_count, p2->next->u1.str);
fall_thru->appargs = strdup(buf1);
linkprio(switch_case, fall_thru);
} else if (p2->next && p2->next->type == PV_PATTERN) {
@@ -3234,14 +3237,14 @@
fall_thru->type = AEL_APPCALL;
fall_thru->app = strdup("Goto");
gen_match_to_pattern(p2->next->u1.str, buf2);
- snprintf(buf1,sizeof(buf1),"sw-%d-%s|1",local_control_statement_count, buf2);
+ snprintf(buf1,sizeof(buf1),"sw-%d-%s|10",local_control_statement_count, buf2);
fall_thru->appargs = strdup(buf1);
linkprio(switch_case, fall_thru);
} else if (p2->next && p2->next->type == PV_DEFAULT) {
fall_thru = new_prio();
fall_thru->type = AEL_APPCALL;
fall_thru->app = strdup("Goto");
- snprintf(buf1,sizeof(buf1),"sw-%d-.|1",local_control_statement_count);
+ snprintf(buf1,sizeof(buf1),"sw-%d-.|10",local_control_statement_count);
fall_thru->appargs = strdup(buf1);
linkprio(switch_case, fall_thru);
} else if (!p2->next) {
@@ -3513,7 +3516,9 @@
int i;
struct ael_priority *pr;
do {
- if (exten->regexten)
+ if (exten->is_switch)
+ i = 10;
+ else if (exten->regexten)
i=2;
else
i=1;
More information about the asterisk-commits
mailing list