diff options
author | jpeeler <jpeeler@f38db490-d61c-443f-a65b-d21fe96a405b> | 2010-10-28 16:11:08 +0000 |
---|---|---|
committer | jpeeler <jpeeler@f38db490-d61c-443f-a65b-d21fe96a405b> | 2010-10-28 16:11:08 +0000 |
commit | 0de1b41f0f77d6476bff711464ebdf1ce14ca820 (patch) | |
tree | 7d5b07f8397e74b5b04165db111c0d2d11d01c9a | |
parent | 20b3f301b0cefe1c5098fa5239cce556cb27ff46 (diff) |
Merged revisions 293158 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.6.2
........
r293158 | jpeeler | 2010-10-28 11:09:40 -0500 (Thu, 28 Oct 2010) | 11 lines
Fix infinite loop in FILTER().
Specifically when you're using characters above \x7f or invalid character
escapes (e.g. \xgg).
(closes issue #18060)
Reported by: wdoekes
Patches:
issue18060_func_strings_filter_infinite_loop.patch uploaded by wdoekes (license 717)
Tested by: wdoekes
........
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.8@293159 f38db490-d61c-443f-a65b-d21fe96a405b
-rw-r--r-- | funcs/func_strings.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/funcs/func_strings.c b/funcs/func_strings.c index 15c219b67..d95a3cbf0 100644 --- a/funcs/func_strings.c +++ b/funcs/func_strings.c @@ -719,10 +719,10 @@ static int filter(struct ast_channel *chan, const char *cmd, char *parse, char * if (*(args.allowed) == '-') { if (ast_get_encoded_char(args.allowed + 1, &c2, &consumed)) - c2 = -1; + c2 = c1; args.allowed += consumed + 1; - if ((c2 < c1 || c2 == -1) && !ast_opt_dont_warn) { + if ((unsigned char) c2 < (unsigned char) c1 && !ast_opt_dont_warn) { ast_log(LOG_WARNING, "Range wrapping in FILTER(%s,%s). This may not be what you want.\n", parse, args.string); } @@ -730,7 +730,7 @@ static int filter(struct ast_channel *chan, const char *cmd, char *parse, char * * Looks a little strange, until you realize that we can overflow * the size of a char. */ - for (ac = c1; ac != c2; ac++) { + for (ac = (unsigned char) c1; ac != (unsigned char) c2; ac++) { bitfield[ac / 32] |= 1 << (ac % 32); } bitfield[ac / 32] |= 1 << (ac % 32); |