Ensure that commas placed in the middle of extension character classes do not
authorTilghman Lesher <tilghman@meg.abyt.es>
Wed, 4 Feb 2009 00:43:52 +0000 (00:43 +0000)
committerTilghman Lesher <tilghman@meg.abyt.es>
Wed, 4 Feb 2009 00:43:52 +0000 (00:43 +0000)
interfere with correct parsing of the extension.  Also, if an unterminated
character class DOES make its way into the pbx core (through some other
method), ensure that it does not crash Asterisk.
(closes issue #14362)
 Reported by: Nick_Lewis
 Patches:
       20090129__bug14362.diff.txt uploaded by Corydon76 (license 14)
 Tested by: Corydon76

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@173311 65c4cc65-6c06-0410-ace0-fbb531ad65f3

main/pbx.c
pbx/pbx_config.c

index c6c29a2..39a3d8b 100644 (file)
@@ -1900,6 +1900,9 @@ static struct match_char *add_exten_to_pattern_tree(struct ast_context *con, str
                                                *s2++ = s3;
                                        }
                                        s1++; s1++;
+                               } else if (*s1 == '\0') {
+                                       ast_log(LOG_WARNING, "A matching ']' was not found for '[' in pattern string '%s'\n", extenbuf);
+                                       break;
                                } else {
                                        *s2++ = *s1++;
                                }
index 64c99b5..6d29a3f 100644 (file)
@@ -1403,6 +1403,36 @@ static int unload_module(void)
        return 0;
 }
 
+/*!\note Protect against misparsing based upon commas in the middle of fields
+ * like character classes.  We've taken steps to permit pretty much every other
+ * printable character in a character class, so properly handling a comma at
+ * this level is a natural extension.  This is almost like the standard
+ * application parser in app.c, except that it handles square brackets. */
+static char *pbx_strsep(char **destructible, const char *delim)
+{
+       int square = 0;
+       char *res = *destructible;
+       for (; destructible && *destructible && **destructible; (*destructible)++) {
+               if (**destructible == '[' && !strchr(delim, '[')) {
+                       square++;
+               } else if (**destructible == ']' && !strchr(delim, ']')) {
+                       if (square) {
+                               square--;
+                       }
+               } else if (**destructible == '\\' && !strchr(delim, '\\')) {
+                       (*destructible)++;
+               } else if (strchr(delim, **destructible) && !square) {
+                       **destructible = '\0';
+                       (*destructible)++;
+                       break;
+               }
+       }
+       if (destructible && *destructible && **destructible == '\0') {
+               *destructible = NULL;
+       }
+       return res;
+}
+
 static int pbx_load_config(const char *config_file)
 {
        struct ast_config *cfg;
@@ -1488,7 +1518,7 @@ static int pbx_load_config(const char *config_file)
                                        continue;
                                }
 
-                               ext = S_OR(strsep(&stringp, ","), "");
+                               ext = S_OR(pbx_strsep(&stringp, ","), "");
                                pbx_substitute_variables_helper(NULL, ext, realext, sizeof(realext) - 1);
                                ast_copy_string(lastextension, realext, sizeof(lastextension));
 process_extension: