app_stack: protect against missing parameters to STACK_PEEK and LOCAL_PEEK
authorCorey Farrell <git@cfware.com>
Sat, 1 Feb 2014 00:25:54 +0000 (00:25 +0000)
committerCorey Farrell <git@cfware.com>
Sat, 1 Feb 2014 00:25:54 +0000 (00:25 +0000)
STACK_PEEK requires 2 parameters and LOCAL_PEEK requires 1 parameter.  This
protects against situations where those parameters are blank or missing by
logging an error and returning.

(closes issue ASTERISK-23220)
Reported by: James Sharp
........

Merged revisions 407100 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 407103 from http://svn.asterisk.org/svn/asterisk/branches/11
........

Merged revisions 407104 from http://svn.asterisk.org/svn/asterisk/branches/12

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@407105 65c4cc65-6c06-0410-ace0-fbb531ad65f3

apps/app_stack.c

index 2199b33..db335c5 100644 (file)
@@ -784,6 +784,12 @@ static int peek_read(struct ast_channel *chan, const char *cmd, char *data, char
        }
 
        AST_STANDARD_RAW_ARGS(args, data);
+
+       if (ast_strlen_zero(args.n) || ast_strlen_zero(args.name)) {
+               ast_log(LOG_ERROR, "LOCAL_PEEK requires parameters n and varname\n");
+               return -1;
+       }
+
        n = atoi(args.n);
        *buf = '\0';
 
@@ -823,6 +829,11 @@ static int stackpeek_read(struct ast_channel *chan, const char *cmd, char *data,
        data = ast_strdupa(data);
        AST_STANDARD_APP_ARGS(args, data);
 
+       if (ast_strlen_zero(args.n) || ast_strlen_zero(args.which)) {
+               ast_log(LOG_ERROR, "STACK_PEEK requires parameters n and which\n");
+               return -1;
+       }
+
        n = atoi(args.n);
        if (n <= 0) {
                ast_log(LOG_ERROR, "STACK_PEEK must be called with a positive peek value\n");