kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-11-02 11:58:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

various modules: json integer overflow

Browse Source 
There were still a few places in the code that could overflow when "packing"
a json object with a value outside the base type integer's range. For instance:

unsigned int value = INT_MAX + 1
ast_json_pack("{s: i}", value);

would result in a negative number being "packed". In those situations this patch
alters those values to a ast_json_int_t, which widens the value up to a long or
long long.

ASTERISK-28480

Change-Id: Ied530780d83e6f1772adba0e28d8938ef30c49a1
This commit is contained in:
Kevin Harwell
2019-08-01 16:22:01 -05:00
parent 4018e88369
commit 3656c42cb0
10 changed files with 38 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
apps/app_queue.c
View File

@@ -5898,12 +5898,12 @@ static void send_agent_complete(const char *queuename, struct ast_channel_snapsh
break;
}
blob = ast_json_pack("{s: s, s: s, s: s, s: i, s: i, s: s}",
blob = ast_json_pack("{s: s, s: s, s: s, s: I, s: I, s: s}",
"Queue", queuename,
"Interface", member->interface,
"MemberName", member->membername,
"HoldTime", (long)(callstart - holdstart),
"TalkTime", (long)(time(NULL) - callstart),
"HoldTime", (ast_json_int_t)(callstart - holdstart),
"TalkTime", (ast_json_int_t)(time(NULL) - callstart),
"Reason", reason ?: "");
queue_publish_multi_channel_snapshot_blob(ast_queue_topic(queuename), caller, peer,
@@ -7174,12 +7174,12 @@ static int try_calling(struct queue_ent *qe, struct ast_flags opts, char **opt_a
ast_queue_log(queuename, ast_channel_uniqueid(qe->chan), member->membername, "CONNECT", "%ld|%s|%ld", (long) (time(NULL) - qe->start), ast_channel_uniqueid(peer),
(long)(orig - to > 0 ? (orig - to) / 1000 : 0));
blob = ast_json_pack("{s: s, s: s, s: s, s: i, s: i}",
blob = ast_json_pack("{s: s, s: s, s: s, s: I, s: I}",
"Queue", queuename,
"Interface", member->interface,
"MemberName", member->membername,
"HoldTime", (long) (time(NULL) - qe->start),
"RingTime", (long)(orig - to > 0 ? (orig - to) / 1000 : 0));
"HoldTime", (ast_json_int_t)(time(NULL) - qe->start),
"RingTime", (ast_json_int_t)(orig - to > 0 ? (orig - to) / 1000 : 0));
queue_publish_multi_channel_blob(qe->chan, peer, queue_agent_connect_type(), blob);
ast_copy_string(oldcontext, ast_channel_context(qe->chan), sizeof(oldcontext));