[asterisk-dev] [Code Review] 4447: ARI: Fix crash if integer values used in JSON payload 'variables' object.

rmudgett reviewboard at asterisk.org
Wed Feb 25 09:27:40 CST 2015


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/4447/
-----------------------------------------------------------

(Updated Feb. 25, 2015, 9:27 a.m.)


Review request for Asterisk Developers.


Changes
-------

Address Matt's feedback.


Bugs: ASTERISK-24751
    https://issues.asterisk.org/jira/browse/ASTERISK-24751


Repository: Asterisk


Description
-------

Sending the following ARI commands caused Asterisk to crash if the JSON
body 'variables' object passes values of types other than strings.

POST /ari/channels
POST /ari/channels/{channelid}
PUT /ari/endpoints/sendMessage
PUT /ari/endpoints/{tech}/{resource}/sendMessage

* Eliminated RAII_VAR usage in ast_ari_channels_originate_with_id(),
ast_ari_channels_originate(), ast_ari_endpoints_send_message(), and
ast_ari_endpoints_send_message_to_endpoint().


Diffs (updated)
-----

  /branches/13/rest-api/api-docs/endpoints.json 432235 
  /branches/13/res/res_ari_endpoints.c 432235 
  /branches/13/res/ari/resource_endpoints.c 432235 
  /branches/13/res/ari/resource_channels.c 432235 
  /branches/13/main/json.c 432235 
  /branches/13/include/asterisk/json.h 432235 

Diff: https://reviewboard.asterisk.org/r/4447/diff/


Testing
-------

The four commands no longer crash and now report 400 Bad Request with a
message that the 'variables' object only accepts string values when I
pass an integer value.


Thanks,

rmudgett

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20150225/459ce681/attachment.html>


More information about the asterisk-dev mailing list