kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-10-31 02:37:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged revisions 294989 via svnmerge from

Browse Source 
https://origsvn.digium.com/svn/asterisk/branches/1.8

................
  r294989 | tilghman | 2010-11-15 01:44:38 -0600 (Mon, 15 Nov 2010) | 15 lines
  
  Merged revisions 294988 via svnmerge from 
  https://origsvn.digium.com/svn/asterisk/branches/1.6.2
  
  ........
    r294988 | tilghman | 2010-11-15 01:42:39 -0600 (Mon, 15 Nov 2010) | 8 lines
    
    It is possible to crash Asterisk by feeding the curl engine invalid data.
    
    (closes issue #18161)
     Reported by: wdoekes
     Patches: 
           20101029__issue18161.diff.txt uploaded by tilghman (license 14)
     Tested by: tilghman
  ........
................


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@294990 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Tilghman Lesher
2010-11-15 07:45:42 +00:00
parent 6751c4f293
commit 53357354a4
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
funcs/func_curl.c
View File

@@ -529,8 +529,11 @@ static int acf_curl_helper(struct ast_channel *chan, const char *cmd, char *info
struct ast_str *fields = ast_str_create(ast_str_strlen(str) / 2);
struct ast_str *values = ast_str_create(ast_str_strlen(str) / 2);
int rowcount = 0;
while ((piece = strsep(&remainder, "&"))) {
while (fields && values && (piece = strsep(&remainder, "&"))) {
char *name = strsep(&piece, "=");
if (!piece) {
piece = "";
}
ast_uri_decode(piece);
ast_uri_decode(name);
ast_str_append(&fields, 0, "%s%s", rowcount ? "," : "", name);