[Asterisk-code-review] app voicemail: vm authenticate accesses uninitialized memory (asterisk[14])

Anonymous Coward asteriskteam at digium.com
Mon Feb 20 18:19:22 CST 2017


Anonymous Coward #1000019 has submitted this change and it was merged. ( https://gerrit.asterisk.org/5020 )

Change subject: app_voicemail: vm_authenticate accesses uninitialized memory
......................................................................


app_voicemail: vm_authenticate accesses uninitialized memory

vm_authenticate doesn't always set the passed ast_vm_user argument, so
we initialize to 0 before passing it in.

ASTERISK-25893 #close
Reported by: Filip Jenicek

Change-Id: Ia3cc0128f93d352ed9add8d5c2f0f7232c2cbe4a
---
M apps/app_voicemail.c
1 file changed, 4 insertions(+), 8 deletions(-)

Approvals:
  Kevin Harwell: Looks good to me, but someone else must approve
  Richard Mudgett: Looks good to me, approved
  Anonymous Coward #1000019: Verified



diff --git a/apps/app_voicemail.c b/apps/app_voicemail.c
index d58b6ea..0121a29 100644
--- a/apps/app_voicemail.c
+++ b/apps/app_voicemail.c
@@ -11192,7 +11192,7 @@
 		return -1;
 	}
 	if (vmu && !skipuser) {
-		memcpy(res_vmu, vmu, sizeof(struct ast_vm_user));
+		*res_vmu = *vmu;
 	}
 	return 0;
 }
@@ -11354,8 +11354,8 @@
 	int box;
 	int useadsi = 0;
 	int skipuser = 0;
-	struct vm_state vms;
-	struct ast_vm_user *vmu = NULL, vmus;
+	struct vm_state vms = {{0}};
+	struct ast_vm_user *vmu = NULL, vmus = {{0}};
 	char *context = NULL;
 	int silentexit = 0;
 	struct ast_flags flags = { 0 };
@@ -11368,11 +11368,7 @@
 #endif
 
 	/* Add the vm_state to the active list and keep it active */
-	memset(&vms, 0, sizeof(vms));
-
 	vms.lastmsg = -1;
-
-	memset(&vmus, 0, sizeof(vmus));
 
 	ast_test_suite_event_notify("START", "Message: vm_execmain started");
 	if (ast_channel_state(chan) != AST_STATE_UP) {
@@ -12666,7 +12662,7 @@
 static int vmauthenticate(struct ast_channel *chan, const char *data)
 {
 	char *s, *user = NULL, *context = NULL, mailbox[AST_MAX_EXTENSION] = "";
-	struct ast_vm_user vmus;
+	struct ast_vm_user vmus = {{0}};
 	char *options = NULL;
 	int silent = 0, skipuser = 0;
 	int res = -1;

-- 
To view, visit https://gerrit.asterisk.org/5020
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ia3cc0128f93d352ed9add8d5c2f0f7232c2cbe4a
Gerrit-PatchSet: 5
Gerrit-Project: asterisk
Gerrit-Branch: 14
Gerrit-Owner: Sean Bright <sean.bright at gmail.com>
Gerrit-Reviewer: Anonymous Coward #1000019
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Kevin Harwell <kharwell at digium.com>
Gerrit-Reviewer: Richard Mudgett <rmudgett at digium.com>



More information about the asterisk-code-review mailing list