[asterisk-dev] [Code Review] 4447: ARI: Fix crash if integer values used in JSON payload 'variables' object.

rmudgett reviewboard at asterisk.org
Tue Feb 24 17:50:37 CST 2015


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/4447/
-----------------------------------------------------------

Review request for Asterisk Developers.


Bugs: ASTERISK-24751
    https://issues.asterisk.org/jira/browse/ASTERISK-24751


Repository: Asterisk


Description
-------

Sending the following ARI commands caused Asterisk to crash if the JSON
body 'variables' object passes values of types other than strings.

POST /ari/channels
POST /ari/channels/{channelid}
PUT /ari/endpoints/sendMessage
PUT /ari/endpoints/{tech}/{resource}/sendMessage

* Eliminated RAII_VAR usage in ast_ari_channels_originate_with_id(),
ast_ari_channels_originate(), ast_ari_endpoints_send_message(), and
ast_ari_endpoints_send_message_to_endpoint().


Diffs
-----

  /branches/13/rest-api/api-docs/endpoints.json 432194 
  /branches/13/res/res_ari_endpoints.c 432194 
  /branches/13/res/ari/resource_endpoints.c 432194 
  /branches/13/res/ari/resource_channels.c 432194 
  /branches/13/main/json.c 432194 
  /branches/13/include/asterisk/json.h 432194 

Diff: https://reviewboard.asterisk.org/r/4447/diff/


Testing
-------

The four commands no longer crash and now report 400 Bad Request with a
message that the 'variables' object only accepts string values when I
pass an integer value.


Thanks,

rmudgett

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20150224/fd45d8b2/attachment.html>


More information about the asterisk-dev mailing list