[asterisk-commits] bweschke: trunk r150817 - in /trunk: ./ main/manager.c
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Fri Oct 17 21:18:35 CDT 2008
Author: bweschke
Date: Fri Oct 17 21:18:33 2008
New Revision: 150817
URL: http://svn.digium.com/view/asterisk?view=rev&rev=150817
Log:
Using the GetVar handler in AMI is potentially dangerous (insta-crash [tm]) when you use a dialplan function that requires a channel and then you don't provide one or provide an invalid one in the Channel: parameter. We'll handle this situation exactly the same way it was handled in pbx.c back on r61766.
We'll create a bogus channel for the function call and destroy it when we're done. If we have trouble allocating the bogus channel then we're not going to try executing the function call at all and run the risk of crashing.
(closes issue #13715)
reported by: makoto
patch by: bweschke
Modified:
trunk/ (props changed)
trunk/main/manager.c
Propchange: trunk/
------------------------------------------------------------------------------
Binary property 'branch-1.4-blocked' - no diff available.
Modified: trunk/main/manager.c
URL: http://svn.digium.com/view/asterisk/trunk/main/manager.c?view=diff&rev=150817&r1=150816&r2=150817
==============================================================================
--- trunk/main/manager.c (original)
+++ trunk/main/manager.c Fri Oct 17 21:18:33 2008
@@ -1805,8 +1805,15 @@
}
if (varname[strlen(varname) - 1] == ')') {
-
- ast_func_read(c, (char *) varname, workspace, sizeof(workspace));
+ if (!c) {
+ c = ast_channel_alloc(0, 0, "", "", "", "", "", 0, "Bogus/%p", NULL);
+ if (c) {
+ ast_func_read(c, (char *) varname, workspace, sizeof(workspace));
+ ast_channel_free(c);
+ } else
+ ast_log(LOG_ERROR, "Unable to allocate bogus channel for variable substitution. Function results may be blank.\n");
+ } else
+ ast_func_read(c, (char *) varname, workspace, sizeof(workspace));
varval = workspace;
} else {
pbx_retrieve_variable(c, varname, &varval, workspace, sizeof(workspace), NULL);
More information about the asterisk-commits
mailing list