[asterisk-commits] tilghman: branch 1.8 r294989 - in /branches/1.8: ./ funcs/func_curl.c
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Mon Nov 15 01:44:43 CST 2010
Author: tilghman
Date: Mon Nov 15 01:44:38 2010
New Revision: 294989
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=294989
Log:
Merged revisions 294988 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.6.2
........
r294988 | tilghman | 2010-11-15 01:42:39 -0600 (Mon, 15 Nov 2010) | 8 lines
It is possible to crash Asterisk by feeding the curl engine invalid data.
(closes issue #18161)
Reported by: wdoekes
Patches:
20101029__issue18161.diff.txt uploaded by tilghman (license 14)
Tested by: tilghman
........
Modified:
branches/1.8/ (props changed)
branches/1.8/funcs/func_curl.c
Propchange: branches/1.8/
------------------------------------------------------------------------------
Binary property 'branch-1.6.2-merged' - no diff available.
Modified: branches/1.8/funcs/func_curl.c
URL: http://svnview.digium.com/svn/asterisk/branches/1.8/funcs/func_curl.c?view=diff&rev=294989&r1=294988&r2=294989
==============================================================================
--- branches/1.8/funcs/func_curl.c (original)
+++ branches/1.8/funcs/func_curl.c Mon Nov 15 01:44:38 2010
@@ -529,8 +529,11 @@
struct ast_str *fields = ast_str_create(ast_str_strlen(str) / 2);
struct ast_str *values = ast_str_create(ast_str_strlen(str) / 2);
int rowcount = 0;
- while ((piece = strsep(&remainder, "&"))) {
+ while (fields && values && (piece = strsep(&remainder, "&"))) {
char *name = strsep(&piece, "=");
+ if (!piece) {
+ piece = "";
+ }
ast_uri_decode(piece);
ast_uri_decode(name);
ast_str_append(&fields, 0, "%s%s", rowcount ? "," : "", name);
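
Review bot: the new fallback `piece = "";` points `piece` at a string literal, and the very next line hands it to `ast_uri_decode(piece)`, which decodes in place and writes a terminating NUL through the pointer. Writing into a literal is undefined behaviour and can fault on platforms that keep literals in read-only storage, so the fix for one crash risks another. Suggest skipping the decode when there is no value, e.g. `if (piece) { ast_uri_decode(piece); }`, and substituting the empty string only where the value is appended. Separately, with `fields && values` in the loop condition an allocation failure now silently produces zero rows; the visible lines do not show a log message or a free of whichever `ast_str` did get allocated, which is worth confirming in the code after the loop.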