fix: memory leaks, resource leaks, out of bounds and bugs

ASTERISK-26119 #close

Change-Id: Iecbf7d0f360a021147344c4e83ab242fd1e7512c
Alexei Gradinari 2016-06-17 14:51:57 -04:00
parent 947f76a971
commit 820ed3d4b3
6 changed files with 74 additions and 25 deletions


@ -3669,13 +3669,20 @@ op_tildetilde (struct val *a, struct val *b)
/* strip double quotes from both -- */
strip_quotes(a);
strip_quotes(b);
vs = malloc(strlen(a->u.s)+strlen(b->u.s)+1);
if (vs == NULL) {
ast_log(LOG_WARNING, "malloc() failed\n");
return NULL;
}
strcpy(vs,a->u.s);
strcat(vs,b->u.s);
v = make_str(vs);
free(vs);
/* free arguments */
free_value(a);
free_value(b);
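Review bot: In the lines shown, the new `vs == NULL` branch in op_tildetilde returns before the `free_value(a); free_value(b);` calls at the end of the hunk, so both operands leak on the allocation-failure path unless they are released in lines this page does not show. Releasing them inside the branch keeps ownership the same on every exit: `free_value(a); free_value(b); return NULL;`. The same branch appears in the second op_tildetilde section (the `@ -1662` hunk) and needs the same treatment. The function starts and ends outside the hunk, so whether its callers tolerate a NULL result cannot be confirmed from here.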


@ -1662,13 +1662,20 @@ op_tildetilde (struct val *a, struct val *b)
/* strip double quotes from both -- */
strip_quotes(a);
strip_quotes(b);
vs = malloc(strlen(a->u.s)+strlen(b->u.s)+1);
if (vs == NULL) {
ast_log(LOG_WARNING, "malloc() failed\n");
return NULL;
}
strcpy(vs,a->u.s);
strcat(vs,b->u.s);
v = make_str(vs);
free(vs);
/* free arguments */
free_value(a);
free_value(b);


@ -8521,9 +8521,9 @@ int ast_say_date_with_format_ja(struct ast_channel *chan, time_t time, const cha
/* NOTE: if you add more options here, please try to be consistent with strftime(3) */
case '\'':
/* Literal name of a sound file */
sndoffset=0;
for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < 256) ; sndoffset++)
for (sndoffset = 0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) {
sndfile[sndoffset] = format[offset];
}
sndfile[sndoffset] = '\0';
res = wait_file(chan,ints,sndfile,lang);
break;
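Review bot: The rewritten loop in the `'\''` case now bounds the write into `sndfile`, but it still never tests for the end of `format`. A format string with an unterminated quote therefore makes `format[++offset]` read past the NUL terminator until a quote turns up or the buffer fills. Adding `&& (format[offset] != '\0')` right after the quote test stops the scan at the terminator. The enclosing loop over `format` is outside this hunk, so it should also be confirmed that it does not then step `offset` beyond that terminator. Separately, when the loop ends because `sndfile` is full, `offset` is left inside the quoted name and the rest of it is presumably parsed as format options; skipping ahead to the closing quote would avoid that.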


@ -3356,9 +3356,9 @@ static int gen_prios(struct ael_extension *exten, char *label, pval *statement,
#ifdef OLD_RAND_ACTION
struct ael_priority *rand_test, *rand_end, *rand_skip;
#endif
char *buf1;
char *buf2;
char *new_label;
RAII_VAR(char *, buf1, NULL, free);
RAII_VAR(char *, buf2, NULL, free);
RAII_VAR(char *, new_label, NULL, free);
char *strp, *strp2;
int default_exists;
int local_control_statement_count;
@ -4192,9 +4192,6 @@ static int gen_prios(struct ael_extension *exten, char *label, pval *statement,
break;
}
}
free(buf1);
free(buf2);
free(new_label);
return 0;
}
@ -5053,7 +5050,10 @@ int pvalCheckType( pval *p, char *funcname, pvaltype type )
pval *pvalCreateNode( pvaltype type )
{
pval *p = calloc(1,sizeof(pval)); /* why, oh why, don't I use ast_calloc? Way, way, way too messy if I do! */
p->type = type; /* remember, this can be used externally or internally to asterisk */
/* remember, this can be used externally or internally to asterisk */
if (p) {
p->type = type;
}
return p;
}
@ -5414,14 +5414,30 @@ void pvalIncludesAddInclude( pval *p, const char *include )
void pvalIncludesAddIncludeWithTimeConstraints( pval *p, const char *include, char *hour_range, char *dom_range, char *dow_range, char *month_range )
{
pval *hr = pvalCreateNode(PV_WORD);
pval *dom = pvalCreateNode(PV_WORD);
pval *dow = pvalCreateNode(PV_WORD);
pval *mon = pvalCreateNode(PV_WORD);
pval *s = pvalCreateNode(PV_WORD);
if (!pvalCheckType(p, "pvalIncludeAddIncludeWithTimeConstraints", PV_INCLUDES))
pval *hr;
pval *dom;
pval *dow;
pval *mon;
pval *s;
if (!pvalCheckType(p, "pvalIncludeAddIncludeWithTimeConstraints", PV_INCLUDES)) {
return;
}
hr = pvalCreateNode(PV_WORD);
dom = pvalCreateNode(PV_WORD);
dow = pvalCreateNode(PV_WORD);
mon = pvalCreateNode(PV_WORD);
s = pvalCreateNode(PV_WORD);
if (!hr || !dom || !dow || !mon || !s) {
destroy_pval(hr);
destroy_pval(dom);
destroy_pval(dow);
destroy_pval(mon);
destroy_pval(s);
return;
}
s->u1.str = (char *)include;
p->u1.list = linku1(p->u1.list, s);
@ -5668,12 +5684,28 @@ char* pvalIfGetCondition( pval *p )
void pvalIfTimeSetCondition( pval *p, char *hour_range, char *dow_range, char *dom_range, char *mon_range ) /* time range format: 24-hour format begin-end|dow range|dom range|month range */
{
pval *hr = pvalCreateNode(PV_WORD);
pval *dow = pvalCreateNode(PV_WORD);
pval *dom = pvalCreateNode(PV_WORD);
pval *mon = pvalCreateNode(PV_WORD);
if (!pvalCheckType(p, "pvalIfTimeSetCondition", PV_IFTIME))
pval *hr;
pval *dow;
pval *dom;
pval *mon;
if (!pvalCheckType(p, "pvalIfTimeSetCondition", PV_IFTIME)) {
return;
}
hr = pvalCreateNode(PV_WORD);
dow = pvalCreateNode(PV_WORD);
dom = pvalCreateNode(PV_WORD);
mon = pvalCreateNode(PV_WORD);
if (!hr || !dom || !dow || !mon) {
destroy_pval(hr);
destroy_pval(dom);
destroy_pval(dow);
destroy_pval(mon);
return;
}
pvalWordSetString(hr, hour_range);
pvalWordSetString(dow, dow_range);
pvalWordSetString(dom, dom_range);
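Review bot: The new allocation-failure branches in pvalIncludesAddIncludeWithTimeConstraints and pvalIfTimeSetCondition return without any diagnostic, and both functions are void, so a caller cannot tell that the include or the time condition was never attached. A log line before each `return;`, for example `ast_log(LOG_ERROR, "pvalCreateNode() failed\n");`, would at least make the dropped node visible. Both branches also pass possibly-NULL pointers to `destroy_pval()`; its body is not in this diff, so confirm that it accepts NULL. Since pvalCreateNode can now return NULL without crashing first, its other callers (not visible here) should be checked for an unguarded dereference.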


@ -410,10 +410,13 @@ static int load_file(const char *filename, char **ret)
fseek(f, 0, SEEK_END);
len = ftell(f);
fseek(f, 0, SEEK_SET);
if (!(*ret = ast_malloc(len + 1)))
if (!(*ret = ast_malloc(len + 1))) {
fclose(f);
return -2;
}
if (len != fread(*ret, sizeof(char), len, f)) {
fclose(f);
ast_free(*ret);
*ret = NULL;
return -3;
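Review bot: `len = ftell(f)` and the two `fseek()` calls at the top of this hunk are still unchecked, so a failing `ftell()` (which returns -1) flows straight into `ast_malloc(len + 1)` and the `fread()` length comparison. A guard before the allocation, such as `if (len < 0) { fclose(f); return -1; }`, would close that path. The declaration of `len` and the function's other return codes are outside the hunk, so the type and the chosen error value need confirming. load_file's body starts and ends outside the hunk.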


@ -429,7 +429,7 @@ static pjmedia_sdp_attr* generate_fmtp_attr(pj_pool_t *pool, struct ast_format *
*++tmp = '\0';
/* ast...generate gives us everything, just need value */
tmp = strchr(ast_str_buffer(fmtp0), ':');
if (tmp && tmp + 1) {
if (tmp && tmp[1] != '\0') {
fmtp1 = pj_str(tmp + 1);
} else {
fmtp1 = pj_str(ast_str_buffer(fmtp0));