[asterisk-commits] app voicemail/IMAP: IMAP access FATAL error: Out of memory (asterisk[master])

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Mon Apr 11 14:21:22 CDT 2016


Anonymous Coward #1000019 has submitted this change and it was merged.

Change subject: app_voicemail/IMAP: IMAP access FATAL error: Out of memory
......................................................................


app_voicemail/IMAP: IMAP access FATAL error: Out of memory

Sometimes uw-imap function 'mail_fetchbody' returns huge len
which then pass to uw-imap function 'rfc822_base64'.
uw-imap tries to allocate huge memory and abort() on fail.

This patch check the len.
If the len more than max size (128 Mbytes) log error.
This patch also set variables len, newlen to avoid uninizialezed len.
This patch also check pointer returned by rfc822_base64.

ASTERISK-25899 #close

Change-Id: I4a0e7d655f11abef6a5224e2169df6d5c1f1caca
---
M apps/app_voicemail.c
1 file changed, 12 insertions(+), 4 deletions(-)

Approvals:
  Anonymous Coward #1000019: Verified
  Joshua Colp: Looks good to me, approved
  George Joseph: Looks good to me, but someone else must approve



diff --git a/apps/app_voicemail.c b/apps/app_voicemail.c
index cd55254..aa8da5f 100644
--- a/apps/app_voicemail.c
+++ b/apps/app_voicemail.c
@@ -580,6 +580,8 @@
 
 #define INTRO "vm-intro"
 
+#define MAX_MAIL_BODY_CONTENT_SIZE 134217728L // 128 Mbyte
+
 #define MAXMSG 100
 #define MAXMSGLIMIT 9999
 
@@ -3624,8 +3626,8 @@
 	char *body_content;
 	char *body_decoded;
 	char *fn = is_intro ? vms->introfn : vms->fn;
-	unsigned long len;
-	unsigned long newlen;
+	unsigned long len = 0;
+	unsigned long newlen = 0;
 	char filename[256];
 
 	if (!body || body == NIL)
@@ -3634,12 +3636,18 @@
 	ast_mutex_lock(&vms->lock);
 	body_content = mail_fetchbody(vms->mailstream, vms->msgArray[vms->curmsg], section, &len);
 	ast_mutex_unlock(&vms->lock);
-	if (body_content != NIL) {
+	if (len > MAX_MAIL_BODY_CONTENT_SIZE) {
+		ast_log(AST_LOG_ERROR,
+			"Msgno %ld, section %s. The body's content size %ld is huge (max %ld). User:%s, mailbox %s\n",
+			vms->msgArray[vms->curmsg], section, len, MAX_MAIL_BODY_CONTENT_SIZE, vms->imapuser, vms->username);
+		return -1;
+	}
+	if (body_content != NIL && len) {
 		snprintf(filename, sizeof(filename), "%s.%s", fn, format);
 		/* ast_debug(1, body_content); */
 		body_decoded = rfc822_base64((unsigned char *) body_content, len, &newlen);
 		/* If the body of the file is empty, return an error */
-		if (!newlen) {
+		if (!newlen || !body_decoded) {
 			return -1;
 		}
 		write_file(filename, (char *) body_decoded, newlen);

-- 
To view, visit https://gerrit.asterisk.org/2563
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I4a0e7d655f11abef6a5224e2169df6d5c1f1caca
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Owner: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Anonymous Coward #1000019
Gerrit-Reviewer: George Joseph <george.joseph at fairview5.com>
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>



More information about the asterisk-commits mailing list