[asterisk-commits] twilson: branch 1.6.2 r310996 - in /branches/1.6.2/main: manager.c tcptls.c

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Wed Mar 16 14:37:59 CDT 2011


Author: twilson
Date: Wed Mar 16 14:37:54 2011
New Revision: 310996

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=310996
Log:
Fix crash on fdopen failure

See security advisory AST-2011-004

(closes issue #18845)
Reported by: cmaj
Patches: 
     patch-main-tcptls-1.8.3-rc2-open-session-crash-take2.diff.txt uploaded by cmaj (license 830)
     patch-main-tcptls-1.8.3-rc2-open-session-crash-take3.diff.txt uploaded by cmaj (license 830)
Tested by: cmaj, twilson

Modified:
    branches/1.6.2/main/manager.c
    branches/1.6.2/main/tcptls.c

Modified: branches/1.6.2/main/manager.c
URL: http://svnview.digium.com/svn/asterisk/branches/1.6.2/main/manager.c?view=diff&rev=310996&r1=310995&r2=310996
==============================================================================
--- branches/1.6.2/main/manager.c (original)
+++ branches/1.6.2/main/manager.c Wed Mar 16 14:37:54 2011
@@ -228,7 +228,6 @@
 	struct mansession_session *session;
 	FILE *f;
 	int fd;
-	int write_error:1;
 };
 
 static AST_LIST_HEAD_STATIC(sessions, mansession_session);
@@ -965,15 +964,11 @@
  */
 static int send_string(struct mansession *s, char *string)
 {
-	int res;
-
-	if (s->f && (res = ast_careful_fwrite(s->f, s->fd, string, strlen(string), s->session->writetimeout))) {
-		s->write_error = 1;
-	} else if ((res = ast_careful_fwrite(s->session->f, s->session->fd, string, strlen(string), s->session->writetimeout))) {
-		s->write_error = 1;
-	}
-
-	return res;
+	if (s->f) {
+		return ast_careful_fwrite(s->f, s->fd, string, strlen(string), s->session->writetimeout);
+	} else {
+		return ast_careful_fwrite(s->session->f, s->session->fd, string, strlen(string), s->session->writetimeout);
+	}
 }
 
 /*!
@@ -3282,7 +3277,7 @@
 
 	astman_append(&s, "Asterisk Call Manager/%s\r\n", AMI_VERSION);	/* welcome prompt */
 	for (;;) {
-		if ((res = do_message(&s)) < 0 || s.write_error)
+		if ((res = do_message(&s)) < 0)
 			break;
 	}
 	/* session is over, explain why and terminate */

Modified: branches/1.6.2/main/tcptls.c
URL: http://svnview.digium.com/svn/asterisk/branches/1.6.2/main/tcptls.c?view=diff&rev=310996&r1=310995&r2=310996
==============================================================================
--- branches/1.6.2/main/tcptls.c (original)
+++ branches/1.6.2/main/tcptls.c Wed Mar 16 14:37:54 2011
@@ -139,8 +139,12 @@
 	* open a FILE * as appropriate.
 	*/
 	if (!tcptls_session->parent->tls_cfg) {
-		tcptls_session->f = fdopen(tcptls_session->fd, "w+");
-		setvbuf(tcptls_session->f, NULL, _IONBF, 0);
+		if ((tcptls_session->f = fdopen(tcptls_session->fd, "w+"))) {
+			if(setvbuf(tcptls_session->f, NULL, _IONBF, 0)) {
+				fclose(tcptls_session->f);
+				tcptls_session->f = NULL;
+			}
+		}
 	}
 #ifdef DO_SSL
 	else if ( (tcptls_session->ssl = SSL_new(tcptls_session->parent->tls_cfg->ssl_ctx)) ) {




More information about the asterisk-commits mailing list