fix: memory leaks, resource leaks, out of bounds and bugs
authorAlexei Gradinari <alex2grad@gmail.com>
Fri, 17 Jun 2016 18:51:57 +0000 (14:51 -0400)
committerAlexei Gradinari <alex2grad@gmail.com>
Mon, 20 Jun 2016 17:08:18 +0000 (13:08 -0400)
ASTERISK-26119 #close

Change-Id: Iecbf7d0f360a021147344c4e83ab242fd1e7512c

main/ast_expr2.c
main/ast_expr2.y
main/say.c
res/ael/pval.c
res/res_phoneprov.c
res/res_pjsip_sdp_rtp.c

index c700b01..b914598 100644 (file)
@@ -3669,13 +3669,20 @@ op_tildetilde (struct val *a, struct val *b)
        /* strip double quotes from both -- */
        strip_quotes(a);
        strip_quotes(b);
-       
+
        vs = malloc(strlen(a->u.s)+strlen(b->u.s)+1);
+       if (vs == NULL) {
+               ast_log(LOG_WARNING, "malloc() failed\n");
+               return NULL;
+       }
+
        strcpy(vs,a->u.s);
        strcat(vs,b->u.s);
 
        v = make_str(vs);
 
+       free(vs);
+
        /* free arguments */
        free_value(a);
        free_value(b);
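Review bot: The new `return NULL;` in the malloc-failure branch exits before the `free_value(a); free_value(b);` calls further down, so both operands leak on that path. Releasing them first (`free_value(a); free_value(b); return NULL;`) keeps the error path consistent with the normal one. Whether the callers of op_tildetilde cope with a NULL result is not visible here and should be confirmed. The identical hunk that follows (apparently the grammar source this file is generated from) needs the same change. The function starts and ends outside the hunk.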
index df87bcc..29fee35 100644 (file)
@@ -1662,13 +1662,20 @@ op_tildetilde (struct val *a, struct val *b)
        /* strip double quotes from both -- */
        strip_quotes(a);
        strip_quotes(b);
-       
+
        vs = malloc(strlen(a->u.s)+strlen(b->u.s)+1);
+       if (vs == NULL) {
+               ast_log(LOG_WARNING, "malloc() failed\n");
+               return NULL;
+       }
+
        strcpy(vs,a->u.s);
        strcat(vs,b->u.s);
 
        v = make_str(vs);
 
+       free(vs);
+
        /* free arguments */
        free_value(a);
        free_value(b);
index 6e51de2..e4e3743 100644 (file)
@@ -8521,9 +8521,9 @@ int ast_say_date_with_format_ja(struct ast_channel *chan, time_t time, const cha
                      /* NOTE:  if you add more options here, please try to be consistent with strftime(3) */
                      case '\'':
                              /* Literal name of a sound file */
-                             sndoffset=0;
-                             for (sndoffset=0 ; (format[++offset] != '\'') && (sndoffset < 256) ; sndoffset++)
+                             for (sndoffset = 0 ; (format[++offset] != '\'') && (sndoffset < sizeof(sndfile) - 1) ; sndoffset++) {
                                      sndfile[sndoffset] = format[offset];
+                             }
                              sndfile[sndoffset] = '\0';
                              res = wait_file(chan,ints,sndfile,lang);
                              break;
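Review bot: The copy loop is now bounded by `sizeof(sndfile) - 1`, but it still never tests for the end of `format`, so a format string with an unmatched quote is read past its terminator until the size limit is hit. Adding a terminator test to the condition, e.g. `(format[++offset] != '\'') && (format[offset] != '\0') && (sndoffset < sizeof(sndfile) - 1)`, closes that over-read. The enclosing loop is outside the hunk, so it must also be checked that it does not step past the terminator afterwards. Separately, when the name is truncated at the limit, `offset` is left inside the quoted literal and the remaining characters will presumably be interpreted as format options. Skipping ahead to the closing quote would avoid that.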
index d5ea5ac..ce9458c 100644 (file)
@@ -3356,9 +3356,9 @@ static int gen_prios(struct ael_extension *exten, char *label, pval *statement,
 #ifdef OLD_RAND_ACTION
        struct ael_priority *rand_test, *rand_end, *rand_skip;
 #endif
-       char *buf1;
-       char *buf2;
-       char *new_label;
+       RAII_VAR(char *, buf1, NULL, free);
+       RAII_VAR(char *, buf2, NULL, free);
+       RAII_VAR(char *, new_label, NULL, free);
        char *strp, *strp2;
        int default_exists;
        int local_control_statement_count;
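Review bot: The three buffers are now released by scope cleanup, but nothing at the declarations says so, and the body that assigns them is outside the hunk. A short comment such as `/* buf1, buf2, new_label: freed automatically on every return; do not free() them or store them in a longer-lived structure */` would stop a later edit from adding a manual free or handing one of these pointers to an object that outlives the call. It is also worth confirming that every assignment to them in the body comes from an allocator that pairs with plain `free`.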
@@ -4192,9 +4192,6 @@ static int gen_prios(struct ael_extension *exten, char *label, pval *statement,
                        break;
                }
        }
-       free(buf1);
-       free(buf2);
-       free(new_label);
        return 0;
 }
 
@@ -5053,7 +5050,10 @@ int  pvalCheckType( pval *p, char *funcname, pvaltype type )
 pval *pvalCreateNode( pvaltype type )
 {
        pval *p = calloc(1,sizeof(pval)); /* why, oh why, don't I use ast_calloc? Way, way, way too messy if I do! */
-       p->type = type;                   /* remember, this can be used externally or internally to asterisk */
+                                         /* remember, this can be used externally or internally to asterisk */
+       if (p) {
+               p->type = type;
+       }
        return p;
 }
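Review bot: pvalCreateNode can now return NULL to its callers instead of faulting on the `p->type` store, and that contract is not documented anywhere in the hunk. A header comment such as `/* Returns NULL if calloc() fails; callers must check the result. */` would make it explicit. The two callers touched later in this commit do check, but other call sites outside this page should be audited for the same handling. The comment left alone on the line after the calloc (`remember, this can be used externally or internally...`) no longer attaches to any statement and would read better moved above the function.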
 
@@ -5414,14 +5414,30 @@ void pvalIncludesAddInclude( pval *p, const char *include )
 
 void pvalIncludesAddIncludeWithTimeConstraints( pval *p, const char *include, char *hour_range, char *dom_range, char *dow_range, char *month_range )
 {
-       pval *hr = pvalCreateNode(PV_WORD);
-       pval *dom = pvalCreateNode(PV_WORD);
-       pval *dow = pvalCreateNode(PV_WORD);
-       pval *mon = pvalCreateNode(PV_WORD);
-       pval *s = pvalCreateNode(PV_WORD);
-       
-       if (!pvalCheckType(p, "pvalIncludeAddIncludeWithTimeConstraints", PV_INCLUDES))
+       pval *hr;
+       pval *dom;
+       pval *dow;
+       pval *mon;
+       pval *s;
+
+       if (!pvalCheckType(p, "pvalIncludeAddIncludeWithTimeConstraints", PV_INCLUDES)) {
+               return;
+       }
+
+       hr = pvalCreateNode(PV_WORD);
+       dom = pvalCreateNode(PV_WORD);
+       dow = pvalCreateNode(PV_WORD);
+       mon = pvalCreateNode(PV_WORD);
+       s = pvalCreateNode(PV_WORD);
+
+       if (!hr || !dom || !dow || !mon || !s) {
+               destroy_pval(hr);
+               destroy_pval(dom);
+               destroy_pval(dow);
+               destroy_pval(mon);
+               destroy_pval(s);
                return;
+       }
 
        s->u1.str = (char *)include;
        p->u1.list = linku1(p->u1.list, s);
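Review bot: The new failure branch calls `destroy_pval()` on all five pointers although at least one of them is NULL whenever the branch is taken, so it relies on destroy_pval accepting a NULL argument. That function is not visible here. If it does not tolerate NULL, each call needs a guard such as `if (hr) destroy_pval(hr);`; if it does, a one-line comment saying so would help. The same pattern appears in the pvalIfTimeSetCondition hunk that follows. Separately, the context line `s->u1.str = (char *)include;` stores a caller-owned const string in a node that may later be destroyed, so it is worth confirming that destroy_pval does not free that field.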
@@ -5668,12 +5684,28 @@ char* pvalIfGetCondition( pval *p )
 
 void pvalIfTimeSetCondition( pval *p, char *hour_range, char *dow_range, char *dom_range, char *mon_range )  /* time range format: 24-hour format begin-end|dow range|dom range|month range */
 {
-       pval *hr = pvalCreateNode(PV_WORD);
-       pval *dow = pvalCreateNode(PV_WORD);
-       pval *dom = pvalCreateNode(PV_WORD);
-       pval *mon = pvalCreateNode(PV_WORD);
-       if (!pvalCheckType(p, "pvalIfTimeSetCondition", PV_IFTIME))
+       pval *hr;
+       pval *dow;
+       pval *dom;
+       pval *mon;
+
+       if (!pvalCheckType(p, "pvalIfTimeSetCondition", PV_IFTIME)) {
                return;
+       }
+
+       hr = pvalCreateNode(PV_WORD);
+       dow = pvalCreateNode(PV_WORD);
+       dom = pvalCreateNode(PV_WORD);
+       mon = pvalCreateNode(PV_WORD);
+
+       if (!hr || !dom || !dow || !mon) {
+               destroy_pval(hr);
+               destroy_pval(dom);
+               destroy_pval(dow);
+               destroy_pval(mon);
+               return;
+       }
+
        pvalWordSetString(hr, hour_range);
        pvalWordSetString(dow, dow_range);
        pvalWordSetString(dom, dom_range);
index b448c8e..2e4f873 100644 (file)
@@ -410,10 +410,13 @@ static int load_file(const char *filename, char **ret)
        fseek(f, 0, SEEK_END);
        len = ftell(f);
        fseek(f, 0, SEEK_SET);
-       if (!(*ret = ast_malloc(len + 1)))
+       if (!(*ret = ast_malloc(len + 1))) {
+               fclose(f);
                return -2;
+       }
 
        if (len != fread(*ret, sizeof(char), len, f)) {
+               fclose(f);
                ast_free(*ret);
                *ret = NULL;
                return -3;
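Review bot: The added fclose() calls fix the handle leak, but `len = ftell(f)` is still used unchecked as both the allocation size and the fread count. If ftell fails and returns -1, `len + 1` becomes 0 while the count passed to fread becomes very large once converted, so the read could write past the buffer. The type of `len` is declared outside the hunk, so this should be confirmed. A guard directly after the ftell call, e.g. `if (len < 0) { fclose(f); return -1; }` with whatever error code fits the function's convention, avoids that; the fseek results could be checked the same way. The function starts and ends outside the hunk, so the success-path fclose is not visible here.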
index 08e80a3..048209c 100644 (file)
@@ -429,7 +429,7 @@ static pjmedia_sdp_attr* generate_fmtp_attr(pj_pool_t *pool, struct ast_format *
                *++tmp = '\0';
                /* ast...generate gives us everything, just need value */
                tmp = strchr(ast_str_buffer(fmtp0), ':');
-               if (tmp && tmp + 1) {
+               if (tmp && tmp[1] != '\0') {
                        fmtp1 = pj_str(tmp + 1);
                } else {
                        fmtp1 = pj_str(ast_str_buffer(fmtp0));