ARI: Correct segfault with /variable calls are missing ?variable parameter.
authorDavid M. Lee <dlee@digium.com>
Wed, 21 Aug 2013 16:23:59 +0000 (16:23 +0000)
committerDavid M. Lee <dlee@digium.com>
Wed, 21 Aug 2013 16:23:59 +0000 (16:23 +0000)
Both /asterisk/variable and /channel/{channelId}/variable requires a
?variable parameter to be passed into the query. But we weren't checking
for the parameter being missing, which caused a segfault.

All calls now properly return 400 Bad Request errors when the parameter
is missing. The Swagger api-docs were updated accordingly.

(closes issue ASTERISK-22273)

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@397306 65c4cc65-6c06-0410-ace0-fbb531ad65f3

res/ari/resource_asterisk.c
res/ari/resource_channels.c
res/res_ari_asterisk.c
res/res_ari_channels.c
rest-api/api-docs/asterisk.json
rest-api/api-docs/channels.json

index 6f2eb80..268c071 100644 (file)
@@ -143,12 +143,20 @@ void ast_ari_get_asterisk_info(struct ast_variable *headers,
 void ast_ari_get_global_var(struct ast_variable *headers, struct ast_get_global_var_args *args, struct ast_ari_response *response)
 {
        RAII_VAR(struct ast_json *, json, NULL, ast_json_unref);
-       RAII_VAR(struct ast_str *, tmp, ast_str_create(32), ast_free);
+       RAII_VAR(struct ast_str *, tmp, NULL, ast_free);
 
        const char *value;
 
        ast_assert(response != NULL);
 
+       if (ast_strlen_zero(args->variable)) {
+               ast_ari_response_error(
+                       response, 400, "Bad Request",
+                       "Variable name is required");
+               return;
+       }
+
+       tmp = ast_str_create(32);
        if (!tmp) {
                ast_ari_response_alloc_failed(response);
                return;
index dd323ba..29ceb77 100644 (file)
@@ -648,8 +648,16 @@ void ast_ari_get_channel_var(struct ast_variable *headers, struct ast_get_channe
 
        ast_assert(response != NULL);
 
+       if (ast_strlen_zero(args->variable)) {
+               ast_ari_response_error(
+                       response, 400, "Bad Request",
+                       "Variable name is required");
+               return;
+       }
+
        control = find_control(response, args->channel_id);
        if (control == NULL) {
+               /* response filled in by find_control */
                return;
        }
 
@@ -669,11 +677,6 @@ void ast_ari_set_channel_var(struct ast_variable *headers, struct ast_set_channe
 
        ast_assert(response != NULL);
 
-       control = find_control(response, args->channel_id);
-       if (control == NULL) {
-               return;
-       }
-
        if (ast_strlen_zero(args->variable)) {
                ast_ari_response_error(
                        response, 400, "Bad Request",
@@ -681,6 +684,12 @@ void ast_ari_set_channel_var(struct ast_variable *headers, struct ast_set_channe
                return;
        }
 
+       control = find_control(response, args->channel_id);
+       if (control == NULL) {
+               /* response filled in by find_control */
+               return;
+       }
+
        if (stasis_app_control_set_channel_var(control, args->variable, args->value)) {
                ast_ari_response_error(
                        response, 400, "Bad Request",
index dce634e..3f34c7a 100644 (file)
@@ -175,6 +175,7 @@ static void ast_ari_get_global_var_cb(
                break;
        case 500: /* Internal Server Error */
        case 501: /* Not Implemented */
+       case 400: /* Missing variable parameter. */
                is_valid = 1;
                break;
        default:
@@ -234,6 +235,7 @@ static void ast_ari_set_global_var_cb(
                break;
        case 500: /* Internal Server Error */
        case 501: /* Not Implemented */
+       case 400: /* Missing variable parameter. */
                is_valid = 1;
                break;
        default:
index 8a6687b..063e766 100644 (file)
@@ -1055,6 +1055,7 @@ static void ast_ari_get_channel_var_cb(
                break;
        case 500: /* Internal Server Error */
        case 501: /* Not Implemented */
+       case 400: /* Missing variable parameter. */
        case 404: /* Channel not found */
        case 409: /* Channel not in a Stasis application */
                is_valid = 1;
@@ -1122,6 +1123,7 @@ static void ast_ari_set_channel_var_cb(
                break;
        case 500: /* Internal Server Error */
        case 501: /* Not Implemented */
+       case 400: /* Missing variable parameter. */
        case 404: /* Channel not found */
        case 409: /* Channel not in a Stasis application */
                is_valid = 1;
index cbed189..723c6d8 100644 (file)
                                                        "allowMultiple": false,
                                                        "dataType": "string"
                                                }
+                                       ],
+                                       "errorResponses": [
+                                               {
+                                                       "code": 400,
+                                                       "reason": "Missing variable parameter."
+                                               }
                                        ]
                                },
                                {
                                                        "allowMultiple": false,
                                                        "dataType": "string"
                                                }
+                                       ],
+                                       "errorResponses": [
+                                               {
+                                                       "code": 400,
+                                                       "reason": "Missing variable parameter."
+                                               }
                                        ]
                                }
                        ]
index 41b6cc0..0f3b8e2 100644 (file)
                                        ],
                                        "errorResponses": [
                                                {
+                                                       "code": 400,
+                                                       "reason": "Missing variable parameter."
+                                               },
+                                               {
                                                        "code": 404,
                                                        "reason": "Channel not found"
                                                },
                                        ],
                                        "errorResponses": [
                                                {
+                                                       "code": 400,
+                                                       "reason": "Missing variable parameter."
+                                               },
+                                               {
                                                        "code": 404,
                                                        "reason": "Channel not found"
                                                },