[asterisk-commits] dlee: trunk r397306 - in /trunk: res/ res/ari/ rest-api/api-docs/

Wed Aug 21 11:24:01 CDT 2013

Author: dlee
Date: Wed Aug 21 11:23:59 2013
New Revision: 397306

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=397306
Log:
ARI: Correct segfault with /variable calls are missing ?variable parameter.

Both /asterisk/variable and /channel/{channelId}/variable requires a
?variable parameter to be passed into the query. But we weren't checking
for the parameter being missing, which caused a segfault.

All calls now properly return 400 Bad Request errors when the parameter
is missing. The Swagger api-docs were updated accordingly.

(closes issue ASTERISK-22273)

Modified:
    trunk/res/ari/resource_asterisk.c
    trunk/res/ari/resource_channels.c
    trunk/res/res_ari_asterisk.c
    trunk/res/res_ari_channels.c
    trunk/rest-api/api-docs/asterisk.json
    trunk/rest-api/api-docs/channels.json

Modified: trunk/res/ari/resource_asterisk.c
URL: http://svnview.digium.com/svn/asterisk/trunk/res/ari/resource_asterisk.c?view=diff&rev=397306&r1=397305&r2=397306
==============================================================================

--- trunk/res/ari/resource_asterisk.c (original)
+++ trunk/res/ari/resource_asterisk.c Wed Aug 21 11:23:59 2013
@@ -143,12 +143,20 @@
 void ast_ari_get_global_var(struct ast_variable *headers, struct ast_get_global_var_args *args, struct ast_ari_response *response)
 {
 	RAII_VAR(struct ast_json *, json, NULL, ast_json_unref);
-	RAII_VAR(struct ast_str *, tmp, ast_str_create(32), ast_free);
+	RAII_VAR(struct ast_str *, tmp, NULL, ast_free);
 
 	const char *value;
 
 	ast_assert(response != NULL);
 
+	if (ast_strlen_zero(args->variable)) {
+		ast_ari_response_error(
+			response, 400, "Bad Request",
+			"Variable name is required");
+		return;
+	}
+
+	tmp = ast_str_create(32);
 	if (!tmp) {
 		ast_ari_response_alloc_failed(response);
 		return;

Modified: trunk/res/ari/resource_channels.c
URL: http://svnview.digium.com/svn/asterisk/trunk/res/ari/resource_channels.c?view=diff&rev=397306&r1=397305&r2=397306
==============================================================================
--- trunk/res/ari/resource_channels.c (original)
+++ trunk/res/ari/resource_channels.c Wed Aug 21 11:23:59 2013
@@ -648,8 +648,16 @@
 
 	ast_assert(response != NULL);
 
-	control = find_control(response, args->channel_id);
-	if (control == NULL) {
+	if (ast_strlen_zero(args->variable)) {
+		ast_ari_response_error(
+			response, 400, "Bad Request",
+			"Variable name is required");
+		return;
+	}
+
+	control = find_control(response, args->channel_id);
+	if (control == NULL) {
+		/* response filled in by find_control */
 		return;
 	}
 
@@ -669,11 +677,6 @@
 
 	ast_assert(response != NULL);
 
-	control = find_control(response, args->channel_id);
-	if (control == NULL) {
-		return;
-	}
-
 	if (ast_strlen_zero(args->variable)) {
 		ast_ari_response_error(
 			response, 400, "Bad Request",
@@ -681,6 +684,12 @@
 		return;
 	}
 
+	control = find_control(response, args->channel_id);
+	if (control == NULL) {
+		/* response filled in by find_control */
+		return;
+	}
+
 	if (stasis_app_control_set_channel_var(control, args->variable, args->value)) {
 		ast_ari_response_error(
 			response, 400, "Bad Request",

Modified: trunk/res/res_ari_asterisk.c
URL: http://svnview.digium.com/svn/asterisk/trunk/res/res_ari_asterisk.c?view=diff&rev=397306&r1=397305&r2=397306
==============================================================================
--- trunk/res/res_ari_asterisk.c (original)
+++ trunk/res/res_ari_asterisk.c Wed Aug 21 11:23:59 2013
@@ -175,6 +175,7 @@
 		break;
 	case 500: /* Internal Server Error */
 	case 501: /* Not Implemented */
+	case 400: /* Missing variable parameter. */
 		is_valid = 1;
 		break;
 	default:
@@ -234,6 +235,7 @@
 		break;
 	case 500: /* Internal Server Error */
 	case 501: /* Not Implemented */
+	case 400: /* Missing variable parameter. */
 		is_valid = 1;
 		break;
 	default:

Modified: trunk/res/res_ari_channels.c
URL: http://svnview.digium.com/svn/asterisk/trunk/res/res_ari_channels.c?view=diff&rev=397306&r1=397305&r2=397306
==============================================================================
--- trunk/res/res_ari_channels.c (original)
+++ trunk/res/res_ari_channels.c Wed Aug 21 11:23:59 2013
@@ -1055,6 +1055,7 @@
 		break;
 	case 500: /* Internal Server Error */
 	case 501: /* Not Implemented */
+	case 400: /* Missing variable parameter. */
 	case 404: /* Channel not found */
 	case 409: /* Channel not in a Stasis application */
 		is_valid = 1;
@@ -1122,6 +1123,7 @@
 		break;
 	case 500: /* Internal Server Error */
 	case 501: /* Not Implemented */
+	case 400: /* Missing variable parameter. */
 	case 404: /* Channel not found */
 	case 409: /* Channel not in a Stasis application */
 		is_valid = 1;

Modified: trunk/rest-api/api-docs/asterisk.json
URL: http://svnview.digium.com/svn/asterisk/trunk/rest-api/api-docs/asterisk.json?view=diff&rev=397306&r1=397305&r2=397306
==============================================================================
--- trunk/rest-api/api-docs/asterisk.json (original)
+++ trunk/rest-api/api-docs/asterisk.json Wed Aug 21 11:23:59 2013
@@ -55,6 +55,12 @@
 							"allowMultiple": false,
 							"dataType": "string"
 						}
+					],
+					"errorResponses": [
+						{
+							"code": 400,
+							"reason": "Missing variable parameter."
+						}
 					]
 				},
 				{
@@ -78,6 +84,12 @@
 							"required": false,
 							"allowMultiple": false,
 							"dataType": "string"
+						}
+					],
+					"errorResponses": [
+						{
+							"code": 400,
+							"reason": "Missing variable parameter."
 						}
 					]
 				}

Modified: trunk/rest-api/api-docs/channels.json
URL: http://svnview.digium.com/svn/asterisk/trunk/rest-api/api-docs/channels.json?view=diff&rev=397306&r1=397305&r2=397306
==============================================================================
--- trunk/rest-api/api-docs/channels.json (original)
+++ trunk/rest-api/api-docs/channels.json Wed Aug 21 11:23:59 2013
@@ -754,6 +754,10 @@
 					],
 					"errorResponses": [
 						{
+							"code": 400,
+							"reason": "Missing variable parameter."
+						},
+						{
 							"code": 404,
 							"reason": "Channel not found"
 						},
@@ -795,6 +799,10 @@
 						}
 					],
 					"errorResponses": [
+						{
+							"code": 400,
+							"reason": "Missing variable parameter."
+						},
 						{
 							"code": 404,
 							"reason": "Channel not found"


