[asterisk-commits] tilghman: trunk r294990 - in /trunk: ./ funcs/func_curl.c
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Mon Nov 15 01:45:47 CST 2010
Author: tilghman
Date: Mon Nov 15 01:45:42 2010
New Revision: 294990
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=294990
Log:
Merged revisions 294989 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.8
................
r294989 | tilghman | 2010-11-15 01:44:38 -0600 (Mon, 15 Nov 2010) | 15 lines
Merged revisions 294988 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.6.2
........
r294988 | tilghman | 2010-11-15 01:42:39 -0600 (Mon, 15 Nov 2010) | 8 lines
It is possible to crash Asterisk by feeding the curl engine invalid data.
(closes issue #18161)
Reported by: wdoekes
Patches:
20101029__issue18161.diff.txt uploaded by tilghman (license 14)
Tested by: tilghman
........
................
Modified:
trunk/ (props changed)
trunk/funcs/func_curl.c
Propchange: trunk/
------------------------------------------------------------------------------
Binary property 'branch-1.8-merged' - no diff available.
Modified: trunk/funcs/func_curl.c
URL: http://svnview.digium.com/svn/asterisk/trunk/funcs/func_curl.c?view=diff&rev=294990&r1=294989&r2=294990
==============================================================================
--- trunk/funcs/func_curl.c (original)
+++ trunk/funcs/func_curl.c Mon Nov 15 01:45:42 2010
@@ -529,8 +529,11 @@
struct ast_str *fields = ast_str_create(ast_str_strlen(str) / 2);
struct ast_str *values = ast_str_create(ast_str_strlen(str) / 2);
int rowcount = 0;
- while ((piece = strsep(&remainder, "&"))) {
+ while (fields && values && (piece = strsep(&remainder, "&"))) {
char *name = strsep(&piece, "=");
+ if (!piece) {
+ piece = "";
+ }
ast_uri_decode(piece);
ast_uri_decode(name);
ast_str_append(&fields, 0, "%s%s", rowcount ? "," : "", name);
More information about the asterisk-commits
mailing list