[asterisk-commits] mmichelson: branch 1.4 r163080 - /branches/1.4/apps/app_queue.c

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Thu Dec 11 10:24:43 CST 2008


Author: mmichelson
Date: Thu Dec 11 10:24:43 2008
New Revision: 163080

URL: http://svn.digium.com/view/asterisk?view=rev&rev=163080
Log:
Fix a potential crash due to unsafe datastore handling.

This patch also contains a conversion from using long to time_t
for representing times for a queue, as well as some whitespace
fixes.

(closes issue #14060)
Reported by: nivek
Patches:
      datastore_fixup.patch.corrected uploaded by nivek (license 636)
	  with slight modification from me
Tested by: nivek


Modified:
    branches/1.4/apps/app_queue.c

Modified: branches/1.4/apps/app_queue.c
URL: http://svn.digium.com/view/asterisk/branches/1.4/apps/app_queue.c?view=diff&rev=163080&r1=163079&r2=163080
==============================================================================
--- branches/1.4/apps/app_queue.c (original)
+++ branches/1.4/apps/app_queue.c Thu Dec 11 10:24:43 2008
@@ -2576,7 +2576,7 @@
 struct queue_transfer_ds {
 	struct queue_ent *qe;
 	struct member *member;
-	int starttime;
+	time_t starttime;
 	int callcompletedinsl;
 };
 
@@ -2603,28 +2603,26 @@
  * At the end of this, we want to remove the datastore so that this fixup function is not called on any
  * future masquerades of the caller during the current call.
  */
-static void queue_transfer_fixup(void *data, struct ast_channel *old_chan, struct ast_channel *new_chan) 
+static void queue_transfer_fixup(void *data, struct ast_channel *old_chan, struct ast_channel *new_chan)
 {
 	struct queue_transfer_ds *qtds = data;
 	struct queue_ent *qe = qtds->qe;
 	struct member *member = qtds->member;
-	int callstart = qtds->starttime;
+	time_t callstart = qtds->starttime;
 	int callcompletedinsl = qtds->callcompletedinsl;
 	struct ast_datastore *datastore;
 
 	ast_queue_log(qe->parent->name, qe->chan->uniqueid, member->membername, "TRANSFER", "%s|%s|%ld|%ld",
-				new_chan->exten, new_chan->context, (long) (callstart - qe->start),
-				(long) (time(NULL) - callstart));
+				new_chan->exten, new_chan->context, (time_t) (callstart - qe->start),
+				(time_t) (time(NULL) - callstart));
 
 	update_queue(qe->parent, member, callcompletedinsl);
 	
-	if (!(datastore = ast_channel_datastore_find(new_chan, &queue_transfer_info, NULL))) {
+	if ((datastore = ast_channel_datastore_find(new_chan, &queue_transfer_info, NULL))) {
+		ast_channel_datastore_remove(new_chan, datastore);
+	} else {
 		ast_log(LOG_WARNING, "Can't find the queue_transfer datastore.\n");
-		return;
-	}
-
-	ast_channel_datastore_remove(new_chan, datastore);
-	ast_channel_datastore_free(datastore);
+	}
 }
 
 /*! \brief mechanism to tell if a queue caller was atxferred by a queue member.
@@ -2640,21 +2638,21 @@
 
 /*! \brief create a datastore for storing relevant info to log attended transfers in the queue_log
  */
-static void setup_transfer_datastore(struct queue_ent *qe, struct member *member, int starttime, int callcompletedinsl)
+static struct ast_datastore *setup_transfer_datastore(struct queue_ent *qe, struct member *member, time_t starttime, int callcompletedinsl)
 {
 	struct ast_datastore *ds;
 	struct queue_transfer_ds *qtds = ast_calloc(1, sizeof(*qtds));
 
 	if (!qtds) {
 		ast_log(LOG_WARNING, "Memory allocation error!\n");
-		return;
+		return NULL;
 	}
 
 	ast_channel_lock(qe->chan);
 	if (!(ds = ast_channel_datastore_alloc(&queue_transfer_info, NULL))) {
 		ast_channel_unlock(qe->chan);
 		ast_log(LOG_WARNING, "Unable to create transfer datastore. queue_log will not show attended transfer\n");
-		return;
+		return NULL;
 	}
 
 	qtds->qe = qe;
@@ -2665,6 +2663,7 @@
 	ds->data = qtds;
 	ast_channel_datastore_add(qe->chan, ds);
 	ast_channel_unlock(qe->chan);
+	return ds;
 }
 
 
@@ -2728,7 +2727,7 @@
 	int forwardsallowed = 1;
 	int callcompletedinsl;
 	struct ao2_iterator memi;
-	struct ast_datastore *datastore;
+	struct ast_datastore *datastore, *transfer_ds;
 
 	ast_channel_lock(qe->chan);
 	datastore = ast_channel_datastore_find(qe->chan, &dialed_interface_info, NULL);
@@ -3151,11 +3150,11 @@
 		if (member->status == AST_DEVICE_NOT_INUSE)
 			ast_log(LOG_WARNING, "The device state of this queue member, %s, is still 'Not in Use' when it probably should not be! Please check UPGRADE.txt for correct configuration settings.\n", member->membername);
 			
-		setup_transfer_datastore(qe, member, callstart, callcompletedinsl);
+		transfer_ds = setup_transfer_datastore(qe, member, callstart, callcompletedinsl);
 		bridge = ast_bridge_call(qe->chan,peer, &bridge_config);
 
 		if (bridge != AST_PBX_KEEPALIVE && !attended_transfer_occurred(qe->chan)) {
-			struct ast_datastore *transfer_ds;
+			struct ast_datastore *tds;
 			if (strcasecmp(oldcontext, qe->chan->context) || strcasecmp(oldexten, qe->chan->exten)) {
 				ast_queue_log(queuename, qe->chan->uniqueid, member->membername, "TRANSFER", "%s|%s|%ld|%ld",
 					qe->chan->exten, qe->chan->context, (long) (callstart - qe->start),
@@ -3195,15 +3194,16 @@
 							qe->parent->eventwhencalled == QUEUE_EVENT_VARIABLES ? vars2manager(qe->chan, vars, sizeof(vars)) : "");
 			}
 			ast_channel_lock(qe->chan);
-			transfer_ds = ast_channel_datastore_find(qe->chan, &queue_transfer_info, NULL);
-			if (transfer_ds) {
-				ast_channel_datastore_remove(qe->chan, transfer_ds);
-				ast_channel_datastore_free(transfer_ds);
+			if ((tds = ast_channel_datastore_find(qe->chan, &queue_transfer_info, NULL))) {
+				ast_channel_datastore_remove(qe->chan, tds);
 			}
 			ast_channel_unlock(qe->chan);
 			update_queue(qe->parent, member, callcompletedinsl);
 		}
 
+		if (transfer_ds) {
+			ast_channel_datastore_free(transfer_ds);
+		}
 		if (bridge != AST_PBX_NO_HANGUP_PEER && bridge != AST_PBX_NO_HANGUP_PEER_PARKED)
 			ast_hangup(peer);
 		res = bridge ? bridge : 1;
@@ -3447,7 +3447,7 @@
 /* Reload dynamic queue members persisted into the astdb */
 static void reload_queue_members(void)
 {
-	char *cur_ptr;	
+	char *cur_ptr;
 	char *queue_name;
 	char *member;
 	char *interface;




More information about the asterisk-commits mailing list