<p>Philip Prindeville has uploaded this change for <strong>review</strong>.</p><p><a href="https://gerrit.asterisk.org/c/asterisk/+/19399">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">res_crypto: don't modify fname in try_load_key()<br><br>"fname" is passed in as a const char *, but strstr() mangles that<br>into a char *, and we were attempting to modify the string in place.<br>This is an unwanted (and undocumented) side-effect.<br><br>ASTERISK-30213<br><br>Change-Id: Ifa36d352aafeb7f9beec3f746332865c7d21e629<br>---<br>M res/res_crypto.c<br>1 file changed, 22 insertions(+), 7 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/99/19399/1</pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;"><span>diff --git a/res/res_crypto.c b/res/res_crypto.c</span><br><span>index bc66318..b5b4a96 100644</span><br><span>--- a/res/res_crypto.c</span><br><span>+++ b/res/res_crypto.c</span><br><span>@@ -173,18 +173,20 @@</span><br><span> static struct ast_key *try_load_key(const char *dir, const char *fname, int ifd, int ofd, int *not2)</span><br><span> {</span><br><span> int ktype = 0, found = 0;</span><br><span style="color: hsl(0, 100%, 40%);">- char *c = NULL, ffname[256];</span><br><span style="color: hsl(120, 100%, 40%);">+ const char *c = NULL;</span><br><span style="color: hsl(120, 100%, 40%);">+ char ffname[256];</span><br><span> unsigned char digest[MD5_DIGEST_LENGTH];</span><br><span> unsigned digestlen;</span><br><span> FILE *f;</span><br><span> EVP_MD_CTX *ctx = NULL;</span><br><span> struct ast_key *key;</span><br><span> static int notice = 0;</span><br><span style="color: hsl(120, 100%, 40%);">+ size_t fnamelen = strlen(fname);</span><br><span> </span><br><span> /* Make sure its name is a public or private key */</span><br><span style="color: hsl(0, 100%, 40%);">- if ((c = strstr(fname, ".pub")) && !strcmp(c, ".pub")) {</span><br><span style="color: hsl(120, 100%, 40%);">+ if (fnamelen > 4 && !strcmp((c = &fname[fnamelen - 4]), ".pub")) {</span><br><span> ktype = AST_KEY_PUBLIC;</span><br><span style="color: hsl(0, 100%, 40%);">- } else if ((c = strstr(fname, ".key")) && !strcmp(c, ".key")) {</span><br><span style="color: hsl(120, 100%, 40%);">+ } else if (fnamelen > 4 && !strcmp((c = &fname[fnamelen - 4]), ".key")) {</span><br><span> ktype = AST_KEY_PRIVATE;</span><br><span> } else {</span><br><span> return NULL;</span><br><span>@@ -243,8 +245,6 @@</span><br><span> }</span><br><span> }</span><br><span> </span><br><span style="color: hsl(0, 100%, 40%);">- /* Make fname just be the normal name now */</span><br><span style="color: hsl(0, 100%, 40%);">- *c = '\0';</span><br><span> if (!key) {</span><br><span> if (!(key = ast_calloc(1, sizeof(*key)))) {</span><br><span> fclose(f);</span><br><span>@@ -253,8 +253,8 @@</span><br><span> }</span><br><span> /* First the filename */</span><br><span> ast_copy_string(key->fn, ffname, sizeof(key->fn));</span><br><span style="color: hsl(0, 100%, 40%);">- /* Then the name */</span><br><span style="color: hsl(0, 100%, 40%);">- ast_copy_string(key->name, fname, sizeof(key->name));</span><br><span style="color: hsl(120, 100%, 40%);">+ /* Then the name minus the suffix */</span><br><span style="color: hsl(120, 100%, 40%);">+ snprintf(key->name, sizeof(key->name), "%.*s", (int)(c - fname), fname);</span><br><span> key->ktype = ktype;</span><br><span> /* Yes, assume we're going to be deleted */</span><br><span> key->delme = 1;</span><br><span></span><br></pre><p>To view, visit <a href="https://gerrit.asterisk.org/c/asterisk/+/19399">change 19399</a>. To unsubscribe, or for help writing mail filters, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/c/asterisk/+/19399"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: 18 </div>
<div style="display:none"> Gerrit-Change-Id: Ifa36d352aafeb7f9beec3f746332865c7d21e629 </div>
<div style="display:none"> Gerrit-Change-Number: 19399 </div>
<div style="display:none"> Gerrit-PatchSet: 1 </div>
<div style="display:none"> Gerrit-Owner: Philip Prindeville <philipp@redfish-solutions.com> </div>
<div style="display:none"> Gerrit-MessageType: newchange </div>