[asterisk-dev] [Code Review] 4447: ARI: Fix crash if integer values used in JSON payload 'variables' object.
Matt Jordan
reviewboard at asterisk.org
Wed Feb 25 11:50:44 CST 2015
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/4447/#review14552
-----------------------------------------------------------
Ship it!
Ship It!
- Matt Jordan
On Feb. 25, 2015, 10:21 a.m., rmudgett wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/4447/
> -----------------------------------------------------------
>
> (Updated Feb. 25, 2015, 10:21 a.m.)
>
>
> Review request for Asterisk Developers.
>
>
> Bugs: ASTERISK-24751
> https://issues.asterisk.org/jira/browse/ASTERISK-24751
>
>
> Repository: Asterisk
>
>
> Description
> -------
>
> Sending the following ARI commands caused Asterisk to crash if the JSON
> body 'variables' object passes values of types other than strings.
>
> POST /ari/channels
> POST /ari/channels/{channelid}
> PUT /ari/endpoints/sendMessage
> PUT /ari/endpoints/{tech}/{resource}/sendMessage
>
> * Eliminated RAII_VAR usage in ast_ari_channels_originate_with_id(),
> ast_ari_channels_originate(), ast_ari_endpoints_send_message(), and
> ast_ari_endpoints_send_message_to_endpoint().
>
>
> Diffs
> -----
>
> /branches/13/rest-api/api-docs/endpoints.json 432235
> /branches/13/res/res_ari_endpoints.c 432235
> /branches/13/res/ari/resource_endpoints.c 432235
> /branches/13/res/ari/resource_channels.c 432235
> /branches/13/main/json.c 432235
> /branches/13/include/asterisk/json.h 432235
>
> Diff: https://reviewboard.asterisk.org/r/4447/diff/
>
>
> Testing
> -------
>
> The four commands no longer crash and now report 400 Bad Request with a
> message that the 'variables' object only accepts string values when I
> pass an integer value.
>
>
> Thanks,
>
> rmudgett
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20150225/60893c04/attachment.html>
More information about the asterisk-dev
mailing list