Merged revisions 322484 via svnmerge from
authorRichard Mudgett <rmudgett@digium.com>
Wed, 8 Jun 2011 20:48:03 +0000 (20:48 +0000)
committerRichard Mudgett <rmudgett@digium.com>
Wed, 8 Jun 2011 20:48:03 +0000 (20:48 +0000)
https://origsvn.digium.com/svn/asterisk/branches/1.8

........
  r322484 | rmudgett | 2011-06-08 15:46:55 -0500 (Wed, 08 Jun 2011) | 15 lines

  Ring all queue with more than 255 agents will cause crash.

  1. Create a ring-all queue with 500 permanent agents.
  2. Call it.
  3. Asterisk will crash.

  The watchers array in app_queue.c has a hard limit of 255.  Bounds
  checking is not done on this array.  No sane person should put 255 people
  in a ring-all queue, but we should not crash anyway.

  * Added bounds checking to the watchers array.

  JIRA AST-464
  JIRA SWP-2903
........

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@322485 65c4cc65-6c06-0410-ace0-fbb531ad65f3

apps/app_queue.c

index 146cf63..be929c1 100644 (file)
@@ -3482,7 +3482,9 @@ static struct callattempt *wait_for_answer(struct queue_ent *qe, struct callatte
                                if (o->stillgoing) {    /* Keep track of important channels */
                                        stillgoing = 1;
                                        if (o->chan) {
-                                               watchers[pos++] = o->chan;
+                                               if (pos < AST_MAX_WATCHERS) {
+                                                       watchers[pos++] = o->chan;
+                                               }
                                                if (!start)
                                                        start = o;
                                                else