[asterisk-dev] [Code Review] 4447: ARI: Fix crash if integer values used in JSON payload 'variables' object.

Matt Jordan reviewboard at asterisk.org
Tue Feb 24 20:12:06 CST 2015


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/4447/#review14544
-----------------------------------------------------------



/branches/13/include/asterisk/json.h
<https://reviewboard.asterisk.org/r/4447/#comment25096>

    The problem with making this return HTTP status codes is that... well, it may not be used by HTTP. Other things may pass JSON around, and having the errors being specific to HTTP feels a little odd.
    
    How about having an enum with the failure conditions? That way, the user of this in the HTTP code can map that to HTTP status codes however it wants, and other future users are not constrained to map HTTP response codes to other things.


- Matt Jordan


On Feb. 24, 2015, 5:50 p.m., rmudgett wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/4447/
> -----------------------------------------------------------
> 
> (Updated Feb. 24, 2015, 5:50 p.m.)
> 
> 
> Review request for Asterisk Developers.
> 
> 
> Bugs: ASTERISK-24751
>     https://issues.asterisk.org/jira/browse/ASTERISK-24751
> 
> 
> Repository: Asterisk
> 
> 
> Description
> -------
> 
> Sending the following ARI commands caused Asterisk to crash if the JSON
> body 'variables' object passes values of types other than strings.
> 
> POST /ari/channels
> POST /ari/channels/{channelid}
> PUT /ari/endpoints/sendMessage
> PUT /ari/endpoints/{tech}/{resource}/sendMessage
> 
> * Eliminated RAII_VAR usage in ast_ari_channels_originate_with_id(),
> ast_ari_channels_originate(), ast_ari_endpoints_send_message(), and
> ast_ari_endpoints_send_message_to_endpoint().
> 
> 
> Diffs
> -----
> 
>   /branches/13/rest-api/api-docs/endpoints.json 432194 
>   /branches/13/res/res_ari_endpoints.c 432194 
>   /branches/13/res/ari/resource_endpoints.c 432194 
>   /branches/13/res/ari/resource_channels.c 432194 
>   /branches/13/main/json.c 432194 
>   /branches/13/include/asterisk/json.h 432194 
> 
> Diff: https://reviewboard.asterisk.org/r/4447/diff/
> 
> 
> Testing
> -------
> 
> The four commands no longer crash and now report 400 Bad Request with a
> message that the 'variables' object only accepts string values when I
> pass an integer value.
> 
> 
> Thanks,
> 
> rmudgett
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20150225/54804216/attachment.html>


More information about the asterisk-dev mailing list