[asterisk-commits] russell: trunk r269417 - in /trunk: include/asterisk/event.h main/event.c

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Wed Jun 9 16:11:47 CDT 2010


Author: russell
Date: Wed Jun  9 16:11:43 2010
New Revision: 269417

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=269417
Log:
Resolve an invalid memory read on an event.

Valgrind pointed out that attempting to get an IE value from an event that has
no IEs produces an invalid memory read past the end of the event.  Thanks to
mmichelson for pointing the problem out to me and then testing the fix.

Modified:
    trunk/include/asterisk/event.h
    trunk/main/event.c

Modified: trunk/include/asterisk/event.h
URL: http://svnview.digium.com/svn/asterisk/trunk/include/asterisk/event.h?view=diff&rev=269417&r1=269416&r2=269417
==============================================================================
--- trunk/include/asterisk/event.h (original)
+++ trunk/include/asterisk/event.h Wed Jun  9 16:11:43 2010
@@ -663,9 +663,10 @@
  * \param iterator The iterator instance to initialize
  * \param event The event that will be iterated through
  *
- * \return Nothing
- */
-void ast_event_iterator_init(struct ast_event_iterator *iterator, const struct ast_event *event);
+ * \retval 0 Success, there are IEs available to iterate
+ * \retval -1 Failure, there are no IEs in the event to iterate
+ */
+int ast_event_iterator_init(struct ast_event_iterator *iterator, const struct ast_event *event);
 
 /*!
  * \brief Move iterator instance to next IE

Modified: trunk/main/event.c
URL: http://svnview.digium.com/svn/asterisk/trunk/main/event.c?view=diff&rev=269417&r1=269416&r2=269417
==============================================================================
--- trunk/main/event.c (original)
+++ trunk/main/event.c Wed Jun  9 16:11:43 2010
@@ -935,11 +935,20 @@
 	return NULL;
 }
 
-void ast_event_iterator_init(struct ast_event_iterator *iterator, const struct ast_event *event)
-{
+int ast_event_iterator_init(struct ast_event_iterator *iterator, const struct ast_event *event)
+{
+	int res = 0;
+
 	iterator->event_len = ast_event_get_size(event);
 	iterator->event = event;
-	iterator->ie = (struct ast_event_ie *) ( ((char *) event) + sizeof(*event) );
+	if (iterator->event_len >= sizeof(*event) + sizeof(struct ast_event_ie)) {
+		iterator->ie = (struct ast_event_ie *) ( ((char *) event) + sizeof(*event) );
+	} else {
+		iterator->ie = NULL;
+		res = -1;
+	}
+
+	return res;
 }
 
 int ast_event_iterator_next(struct ast_event_iterator *iterator)
@@ -1021,9 +1030,9 @@
 const void *ast_event_get_ie_raw(const struct ast_event *event, enum ast_event_ie_type ie_type)
 {
 	struct ast_event_iterator iterator;
-	int res = 0;
-
-	for (ast_event_iterator_init(&iterator, event); !res; res = ast_event_iterator_next(&iterator)) {
+	int res;
+
+	for (res = ast_event_iterator_init(&iterator, event); !res; res = ast_event_iterator_next(&iterator)) {
 		if (ast_event_iterator_get_ie_type(&iterator) == ie_type) {
 			return ast_event_iterator_get_ie_raw(&iterator);
 		}




More information about the asterisk-commits mailing list