[asterisk-commits] app voicemail: vm authenticate accesses uninitialized memory (asterisk[13])
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Mon Feb 20 18:14:39 CST 2017
Anonymous Coward #1000019 has submitted this change and it was merged. ( https://gerrit.asterisk.org/5019 )
Change subject: app_voicemail: vm_authenticate accesses uninitialized memory
......................................................................
app_voicemail: vm_authenticate accesses uninitialized memory
vm_authenticate doesn't always set the passed ast_vm_user argument, so
we initialize to 0 before passing it in.
ASTERISK-25893 #close
Reported by: Filip Jenicek
Change-Id: Ia3cc0128f93d352ed9add8d5c2f0f7232c2cbe4a
---
M apps/app_voicemail.c
1 file changed, 4 insertions(+), 8 deletions(-)
Approvals:
Kevin Harwell: Looks good to me, but someone else must approve
Richard Mudgett: Looks good to me, approved
Anonymous Coward #1000019: Verified
diff --git a/apps/app_voicemail.c b/apps/app_voicemail.c
index ef210c2..6089779 100644
--- a/apps/app_voicemail.c
+++ b/apps/app_voicemail.c
@@ -11113,7 +11113,7 @@
return -1;
}
if (vmu && !skipuser) {
- memcpy(res_vmu, vmu, sizeof(struct ast_vm_user));
+ *res_vmu = *vmu;
}
return 0;
}
@@ -11275,8 +11275,8 @@
int box;
int useadsi = 0;
int skipuser = 0;
- struct vm_state vms;
- struct ast_vm_user *vmu = NULL, vmus;
+ struct vm_state vms = {{0}};
+ struct ast_vm_user *vmu = NULL, vmus = {{0}};
char *context = NULL;
int silentexit = 0;
struct ast_flags flags = { 0 };
@@ -11289,11 +11289,7 @@
#endif
/* Add the vm_state to the active list and keep it active */
- memset(&vms, 0, sizeof(vms));
-
vms.lastmsg = -1;
-
- memset(&vmus, 0, sizeof(vmus));
ast_test_suite_event_notify("START", "Message: vm_execmain started");
if (ast_channel_state(chan) != AST_STATE_UP) {
@@ -12587,7 +12583,7 @@
static int vmauthenticate(struct ast_channel *chan, const char *data)
{
char *s, *user = NULL, *context = NULL, mailbox[AST_MAX_EXTENSION] = "";
- struct ast_vm_user vmus;
+ struct ast_vm_user vmus = {{0}};
char *options = NULL;
int silent = 0, skipuser = 0;
int res = -1;
--
To view, visit https://gerrit.asterisk.org/5019
To unsubscribe, visit https://gerrit.asterisk.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ia3cc0128f93d352ed9add8d5c2f0f7232c2cbe4a
Gerrit-PatchSet: 5
Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-Owner: Sean Bright <sean.bright at gmail.com>
Gerrit-Reviewer: Anonymous Coward #1000019
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Kevin Harwell <kharwell at digium.com>
Gerrit-Reviewer: Richard Mudgett <rmudgett at digium.com>
More information about the asterisk-commits
mailing list