Merged revisions 72556 via svnmerge from
authorTilghman Lesher <tilghman@meg.abyt.es>
Fri, 29 Jun 2007 04:56:08 +0000 (04:56 +0000)
committerTilghman Lesher <tilghman@meg.abyt.es>
Fri, 29 Jun 2007 04:56:08 +0000 (04:56 +0000)
https://origsvn.digium.com/svn/asterisk/branches/1.4

........
r72556 | tilghman | 2007-06-28 23:47:11 -0500 (Thu, 28 Jun 2007) | 2 lines

Issue 10055 - Change memory allocation to use the heap for a command, since the output has the potential to overflow the stack (as it did here)

........

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@72557 65c4cc65-6c06-0410-ace0-fbb531ad65f3

main/manager.c

index c5646be..2c66f5f 100644 (file)
@@ -1847,17 +1847,26 @@ static int action_command(struct mansession *s, const struct message *m)
        /* FIXME: Wedge a ActionID response in here, waiting for later changes */
        ast_cli_command(fd, cmd);       /* XXX need to change this to use a FILE * */
        l = lseek(fd, 0, SEEK_END);     /* how many chars available */
-       buf = alloca(l + 1);
-       final_buf = alloca(l + 1);
-       lseek(fd, 0, SEEK_SET);
-       read(fd, buf, l);
-       buf[l] = '\0';
+
+       /* This has a potential to overflow the stack.  Hence, use the heap. */
+       buf = ast_calloc(1, l + 1);
+       final_buf = ast_calloc(1, l + 1);
+       if (buf) {
+               lseek(fd, 0, SEEK_SET);
+               read(fd, buf, l);
+               buf[l] = '\0';
+               if (final_buf) {
+                       term_strip(final_buf, buf, l);
+                       final_buf[l] = '\0';
+               }
+               astman_append(s, S_OR(final_buf, buf));
+               ast_free(buf);
+       }
        close(fd);
        unlink(template);
-       term_strip(final_buf, buf, l);
-       final_buf[l] = '\0';
-       astman_append(s, final_buf);
        astman_append(s, "--END COMMAND--\r\n\r\n");
+       if (final_buf)
+               ast_free(final_buf);
        return 0;
 }