[Asterisk-code-review] Audit ast json pack() calls for needed UTF-8 checks. (asterisk[14])
Joshua Colp
asteriskteam at digium.com
Fri Oct 14 14:15:51 CDT 2016
Joshua Colp has submitted this change and it was merged.
Change subject: Audit ast_json_pack() calls for needed UTF-8 checks.
......................................................................
Audit ast_json_pack() calls for needed UTF-8 checks.
Added needed UTF-8 checks before constructing json objects in various
files for strings obtained outside the system. In this case string values
from a channel driver's peer and not from the user setting channel
variables.
* aoc.c: Fixed type mismatch in s_to_json() for time and granularity json
object construction.
ASTERISK-26466
Reported by: Richard Mudgett
Change-Id: Iac2d867fa598daba5c5dbc619b5464625a7f2096
---
M apps/app_fax.c
M apps/app_queue.c
M main/aoc.c
M main/cel.c
M res/res_fax.c
M res/stasis/app.c
6 files changed, 31 insertions(+), 30 deletions(-)
Approvals:
George Joseph: Looks good to me, approved
Joshua Colp: Looks good to me, but someone else must approve; Verified
diff --git a/apps/app_fax.c b/apps/app_fax.c
index bf57d82..6e174d4 100644
--- a/apps/app_fax.c
+++ b/apps/app_fax.c
@@ -262,13 +262,13 @@
}
ast_json_ref(json_filenames);
json_object = ast_json_pack("{s: s, s: s, s: s, s: i, s: i, s: i, s: o}",
- "type", s->direction ? "send" : "receive",
- "remote_station_id", far_ident,
- "local_station_id", local_ident,
- "fax_pages", pages_transferred,
- "fax_resolution", stat.y_resolution,
- "fax_bitrate", stat.bit_rate,
- "filenames", json_filenames);
+ "type", s->direction ? "send" : "receive",
+ "remote_station_id", AST_JSON_UTF8_VALIDATE(far_ident),
+ "local_station_id", AST_JSON_UTF8_VALIDATE(local_ident),
+ "fax_pages", pages_transferred,
+ "fax_resolution", stat.y_resolution,
+ "fax_bitrate", stat.bit_rate,
+ "filenames", json_filenames);
message = ast_channel_blob_create_from_cache(ast_channel_uniqueid(s->chan), ast_channel_fax_type(), json_object);
if (!message) {
return;
diff --git a/apps/app_queue.c b/apps/app_queue.c
index 873ab0c..543f656 100644
--- a/apps/app_queue.c
+++ b/apps/app_queue.c
@@ -5645,12 +5645,12 @@
}
blob = ast_json_pack("{s: s, s: s, s: s, s: i, s: i, s: s}",
- "Queue", queuename,
- "Interface", member->interface,
- "MemberName", member->membername,
- "HoldTime", (long)(callstart - holdstart),
- "TalkTime", (long)(time(NULL) - callstart),
- "Reason", reason);
+ "Queue", queuename,
+ "Interface", member->interface,
+ "MemberName", member->membername,
+ "HoldTime", (long)(callstart - holdstart),
+ "TalkTime", (long)(time(NULL) - callstart),
+ "Reason", reason ?: "");
queue_publish_multi_channel_snapshot_blob(ast_queue_topic(queuename), caller, peer,
queue_agent_complete_type(), blob);
diff --git a/main/aoc.c b/main/aoc.c
index cd9c461..552c406 100644
--- a/main/aoc.c
+++ b/main/aoc.c
@@ -1656,8 +1656,10 @@
static struct ast_json *currency_to_json(const char *name, int cost,
enum ast_aoc_currency_multiplier mult)
{
- return ast_json_pack("{s:s, s:i, s:s}", "Name", name,
- "Cost", cost, "Multiplier", aoc_multiplier_str(mult));
+ return ast_json_pack("{s:s, s:i, s:s}",
+ "Name", AST_JSON_UTF8_VALIDATE(name),
+ "Cost", cost,
+ "Multiplier", aoc_multiplier_str(mult));
}
static struct ast_json *charge_to_json(const struct ast_aoc_decoded *decoded)
@@ -1692,9 +1694,8 @@
{
switch (decoded->charging_association.charging_type) {
case AST_AOC_CHARGING_ASSOCIATION_NUMBER:
- return ast_json_pack(
- "{s:s, s:i}",
- "Number", decoded->charging_association.charge.number.number,
+ return ast_json_pack("{s:s, s:i}",
+ "Number", AST_JSON_UTF8_VALIDATE(decoded->charging_association.charge.number.number),
"Plan", decoded->charging_association.charge.number.plan);
case AST_AOC_CHARGING_ASSOCIATION_ID:
return ast_json_pack(
@@ -1740,14 +1741,12 @@
decoded->aoc_s_entries[i].rate.duration.amount,
decoded->aoc_s_entries[i].rate.duration.multiplier);
- time = ast_json_pack(
- "{s:i, s:s}",
+ time = ast_json_pack("{s:i, s:i}",
"Length", decoded->aoc_s_entries[i].rate.duration.time,
"Scale", decoded->aoc_s_entries[i].rate.duration.time_scale);
if (decoded->aoc_s_entries[i].rate.duration.granularity_time) {
- granularity = ast_json_pack(
- "{s:i, s:s}",
+ granularity = ast_json_pack("{s:i, s:i}",
"Length", decoded->aoc_s_entries[i].rate.duration.granularity_time,
"Scale", decoded->aoc_s_entries[i].rate.duration.granularity_time_scale);
}
diff --git a/main/cel.c b/main/cel.c
index ad75c01..aafeea4 100644
--- a/main/cel.c
+++ b/main/cel.c
@@ -1237,10 +1237,10 @@
if (parked_payload->retriever) {
extra = ast_json_pack("{s: s, s: s}",
- "reason", reason,
+ "reason", reason ?: "",
"retriever", parked_payload->retriever->name);
} else {
- extra = ast_json_pack("{s: s}", "reason", reason);
+ extra = ast_json_pack("{s: s}", "reason", reason ?: "");
}
if (extra) {
diff --git a/res/res_fax.c b/res/res_fax.c
index b97f3eb..f602ba9 100644
--- a/res/res_fax.c
+++ b/res/res_fax.c
@@ -1415,11 +1415,13 @@
}
json_object = ast_json_pack("{s: s, s: s, s: s, s: s, s: o}",
- "type", "status",
- "operation", (details->caps & AST_FAX_TECH_GATEWAY) ? "gateway" : (details->caps & AST_FAX_TECH_RECEIVE) ? "receive" : "send",
- "status", status,
- "local_station_id", details->localstationid,
- "filenames", json_filenames);
+ "type", "status",
+ "operation", (details->caps & AST_FAX_TECH_GATEWAY)
+ ? "gateway"
+ : (details->caps & AST_FAX_TECH_RECEIVE) ? "receive" : "send",
+ "status", status,
+ "local_station_id", AST_JSON_UTF8_VALIDATE(details->localstationid),
+ "filenames", json_filenames);
if (!json_object) {
return -1;
}
diff --git a/res/stasis/app.c b/res/stasis/app.c
index 6e5a396..fb313df 100644
--- a/res/stasis/app.c
+++ b/res/stasis/app.c
@@ -455,7 +455,7 @@
"type", "ChannelDialplan",
"timestamp", ast_json_timeval(*tv, NULL),
"dialplan_app", new_snapshot->appl,
- "dialplan_app_data", new_snapshot->data,
+ "dialplan_app_data", AST_JSON_UTF8_VALIDATE(new_snapshot->data),
"channel", json_channel);
}
--
To view, visit https://gerrit.asterisk.org/4100
To unsubscribe, visit https://gerrit.asterisk.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Iac2d867fa598daba5c5dbc619b5464625a7f2096
Gerrit-PatchSet: 2
Gerrit-Project: asterisk
Gerrit-Branch: 14
Gerrit-Owner: Richard Mudgett <rmudgett at digium.com>
Gerrit-Reviewer: Anonymous Coward #1000019
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
More information about the asterisk-code-review
mailing list