[Asterisk-code-review] config.c: Prevent UB in ast_realtime_require_field (asterisk[master])
Sean Bright
asteriskteam at digium.com
Sun Nov 28 15:38:57 CST 2021
Sean Bright has uploaded this change for review. ( https://gerrit.asterisk.org/c/asterisk/+/17606 )
Change subject: config.c: Prevent UB in ast_realtime_require_field
......................................................................
config.c: Prevent UB in ast_realtime_require_field
A backend's implementation of the realtime 'require' function may call
va_arg() and then fail, leaving the va_list in an undefined
state. Pass a copy of the va_list instead.
ASTERISK-29771 #close
Change-Id: I555565a72af84e96d49f62fe8cb66ba5a78461f4
---
M main/config.c
1 file changed, 5 insertions(+), 2 deletions(-)
git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/06/17606/1
diff --git a/main/config.c b/main/config.c
index 46f05aa..c5e42fa 100644
--- a/main/config.c
+++ b/main/config.c
@@ -3384,16 +3384,19 @@
struct ast_config_engine *eng;
char db[256];
char table[256];
- va_list ap;
+ va_list ap, aq;
int res = -1, i;
va_start(ap, family);
for (i = 1; ; i++) {
if ((eng = find_engine(family, i, db, sizeof(db), table, sizeof(table)))) {
+ va_copy(aq, ap);
/* If the require succeeds, it returns 0. */
- if (eng->require_func && !(res = eng->require_func(db, table, ap))) {
+ if (eng->require_func && !(res = eng->require_func(db, table, aq))) {
+ va_end(aq);
break;
}
+ va_end(aq);
} else {
break;
}
--
To view, visit https://gerrit.asterisk.org/c/asterisk/+/17606
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings
Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Change-Id: I555565a72af84e96d49f62fe8cb66ba5a78461f4
Gerrit-Change-Number: 17606
Gerrit-PatchSet: 1
Gerrit-Owner: Sean Bright <sean at seanbright.com>
Gerrit-MessageType: newchange
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20211128/c9199236/attachment-0001.html>
More information about the asterisk-code-review
mailing list