kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-09-04 03:50:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

func_env: Prevent FILE() from reading garbage at end-of-file

Browse Source 
If the last line of a file does not have a terminating EOL sequence, we
potentially add garbage to the value returned from the FILE() function.

There is no overflow potential here as we are reading from a buffer of a
known size, we are just reading too much of it.

ASTERISK-26481 #close

Change-Id: I50dd4fcf416fb3c83150040a1a79a59d9eb1ae01
This commit is contained in:
Sean Bright
2019-11-13 15:25:22 -05:00
committed by George Joseph
parent e7320bbbf0
commit e39ddb1cb1
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
funcs/func_env.c
View File

@@ -709,12 +709,13 @@ static int file_read(struct ast_channel *chan, const char *cmd, char *data, stru
ast_debug(3, "offset=%" PRId64 ", length=%" PRId64 ", offset_offset=%" PRId64 ", length_offset=%" PRId64 "\n", offset, length, offset_offset, length_offset); ast_debug(3, "offset=%" PRId64 ", length=%" PRId64 ", offset_offset=%" PRId64 ", length_offset=%" PRId64 "\n", offset, length, offset_offset, length_offset);
for (i = offset_offset; i < flength; i += sizeof(fbuf)) { for (i = offset_offset; i < flength; i += sizeof(fbuf)) {
char *pos; char *pos;
if (fread(fbuf, 1, sizeof(fbuf), ff) < sizeof(fbuf) && !feof(ff)) { size_t bytes_read;
if ((bytes_read = fread(fbuf, 1, sizeof(fbuf), ff)) < sizeof(fbuf) && !feof(ff)) {
ast_log(LOG_ERROR, "Short read?!!\n"); ast_log(LOG_ERROR, "Short read?!!\n");
fclose(ff); fclose(ff);
return -1; return -1;
} }
for (pos = fbuf; pos < fbuf + sizeof(fbuf); pos++) { for (pos = fbuf; pos < fbuf + bytes_read; pos++) {
LINE_COUNTER(pos, format, current_length); LINE_COUNTER(pos, format, current_length);
if (current_length == length) { if (current_length == length) {