[asterisk-commits] tilghman: branch 1.8 r294989 - in /branches/1.8: ./ funcs/func_curl.c

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Mon Nov 15 01:44:43 CST 2010


Author: tilghman
Date: Mon Nov 15 01:44:38 2010
New Revision: 294989

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=294989
Log:
Merged revisions 294988 via svnmerge from 
https://origsvn.digium.com/svn/asterisk/branches/1.6.2

........
  r294988 | tilghman | 2010-11-15 01:42:39 -0600 (Mon, 15 Nov 2010) | 8 lines
  
  It is possible to crash Asterisk by feeding the curl engine invalid data.
  
  (closes issue #18161)
   Reported by: wdoekes
   Patches: 
         20101029__issue18161.diff.txt uploaded by tilghman (license 14)
   Tested by: tilghman
........

Modified:
    branches/1.8/   (props changed)
    branches/1.8/funcs/func_curl.c

Propchange: branches/1.8/
------------------------------------------------------------------------------
Binary property 'branch-1.6.2-merged' - no diff available.

Modified: branches/1.8/funcs/func_curl.c
URL: http://svnview.digium.com/svn/asterisk/branches/1.8/funcs/func_curl.c?view=diff&rev=294989&r1=294988&r2=294989
==============================================================================
--- branches/1.8/funcs/func_curl.c (original)
+++ branches/1.8/funcs/func_curl.c Mon Nov 15 01:44:38 2010
@@ -529,8 +529,11 @@
 			struct ast_str *fields = ast_str_create(ast_str_strlen(str) / 2);
 			struct ast_str *values = ast_str_create(ast_str_strlen(str) / 2);
 			int rowcount = 0;
-			while ((piece = strsep(&remainder, "&"))) {
+			while (fields && values && (piece = strsep(&remainder, "&"))) {
 				char *name = strsep(&piece, "=");
+				if (!piece) {
+					piece = "";
+				}
 				ast_uri_decode(piece);
 				ast_uri_decode(name);
 				ast_str_append(&fields, 0, "%s%s", rowcount ? "," : "", name);




More information about the asterisk-commits mailing list