func_env: Prevent FILE() from reading garbage at end-of-file
author Sean Bright <sean.bright@gmail.com>
Wed, 13 Nov 2019 20:25:22 +0000 (15:25 -0500)
committer George Joseph <gjoseph@digium.com>
Mon, 18 Nov 2019 14:32:12 +0000 (08:32 -0600)
If the last line of a file does not have a terminating EOL sequence, we
potentially add garbage to the value returned from the FILE() function.

There is no overflow potential here as we are reading from a buffer of a
known size, we are just reading too much of it.

ASTERISK-26481 #close

Change-Id: I50dd4fcf416fb3c83150040a1a79a59d9eb1ae01

funcs/func_env.c

index 861adeb..e625853 100644 (file)
@@ -709,12 +709,13 @@ static int file_read(struct ast_channel *chan, const char *cmd, char *data, stru
                ast_debug(3, "offset=%" PRId64 ", length=%" PRId64 ", offset_offset=%" PRId64 ", length_offset=%" PRId64 "\n", offset, length, offset_offset, length_offset);
                for (i = offset_offset; i < flength; i += sizeof(fbuf)) {
                        char *pos;
-                       if (fread(fbuf, 1, sizeof(fbuf), ff) < sizeof(fbuf) && !feof(ff)) {
+                       size_t bytes_read;
+                       if ((bytes_read = fread(fbuf, 1, sizeof(fbuf), ff)) < sizeof(fbuf) && !feof(ff)) {
                                ast_log(LOG_ERROR, "Short read?!!\n");
                                fclose(ff);
                                return -1;
                        }
-                       for (pos = fbuf; pos < fbuf + sizeof(fbuf); pos++) {
+                       for (pos = fbuf; pos < fbuf + bytes_read; pos++) {
                                LINE_COUNTER(pos, format, current_length);
 
                                if (current_length == length) {
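Review bot: The assignment inside the `if` condition on the `fread` line makes the short-read check harder to audit. Consider putting `bytes_read = fread(fbuf, 1, sizeof(fbuf), ff);` on its own line and then testing `bytes_read < sizeof(fbuf) && !feof(ff)`. The outer loop still advances `i` by `sizeof(fbuf)` and keeps iterating while `i < flength`, so a read that returns 0 bytes at end-of-file skips the inner loop but does not stop further `fread` calls. A `break` when `bytes_read == 0` would make that case explicit. A one-line comment at the inner `for` noting that only the first `bytes_read` bytes of `fbuf` are valid would document the invariant this fix relies on.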