diff options
author | kpfleming <kpfleming@f38db490-d61c-443f-a65b-d21fe96a405b> | 2009-04-02 13:43:43 +0000 |
---|---|---|
committer | kpfleming <kpfleming@f38db490-d61c-443f-a65b-d21fe96a405b> | 2009-04-02 13:43:43 +0000 |
commit | af1ef1b6bb3570063df5aa6b4a86f34c75e1d8f7 (patch) | |
tree | b7ebc8246adf15668548759039770503de75d0bd /channels | |
parent | 8738dba4863fcc7d72b826c72e085ae595afe9a6 (diff) |
the DAHDI_GETCONF, DAHDI_SETCONF and DAHDI_GET_PARAMS ioctls were recently corrected to show that they do, in fact, read data from userspace as part of their work. due to this fix, valgrind now reports a number of cases where chan_dahdi passed an uninitialized (or partially) buffer to these ioctls, which could lead to unexpected behavior.
this patch corrects chan_dahdi to ensure that buffers passed to these ioctls are always fully initialized.
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.4@185952 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'channels')
-rw-r--r-- | channels/chan_dahdi.c | 30 |
1 files changed, 19 insertions, 11 deletions
diff --git a/channels/chan_dahdi.c b/channels/chan_dahdi.c index d42029cc5..e295c79c0 100644 --- a/channels/chan_dahdi.c +++ b/channels/chan_dahdi.c @@ -1623,9 +1623,6 @@ static int conf_del(struct dahdi_pvt *p, struct dahdi_subchannel *c, int index) /* Don't delete if we don't think it's conferenced at all (implied) */ ) return 0; memset(&zi, 0, sizeof(zi)); - zi.chan = 0; - zi.confno = 0; - zi.confmode = 0; if (ioctl(c->dfd, DAHDI_SETCONF, &zi)) { ast_log(LOG_WARNING, "Failed to drop %d from conference %d/%d: %s\n", c->dfd, c->curconf.confmode, c->curconf.confno, strerror(errno)); return -1; @@ -1681,11 +1678,12 @@ static int isslavenative(struct dahdi_pvt *p, struct dahdi_pvt **out) static int reset_conf(struct dahdi_pvt *p) { - struct dahdi_confinfo zi; - memset(&zi, 0, sizeof(zi)); p->confno = -1; memset(&p->subs[SUB_REAL].curconf, 0, sizeof(p->subs[SUB_REAL].curconf)); if (p->subs[SUB_REAL].dfd > -1) { + struct dahdi_confinfo zi; + + memset(&zi, 0, sizeof(zi)); if (ioctl(p->subs[SUB_REAL].dfd, DAHDI_SETCONF, &zi)) ast_log(LOG_WARNING, "Failed to reset conferencing on channel %d: %s\n", p->channel, strerror(errno)); } @@ -1999,8 +1997,7 @@ static int save_conference(struct dahdi_pvt *p) p->saveconf.confmode = 0; return -1; } - c.chan = 0; - c.confno = 0; + memset(&c, 0, sizeof(c)); c.confmode = DAHDI_CONF_NORMAL; res = ioctl(p->subs[SUB_REAL].dfd, DAHDI_SETCONF, &c); if (res) { @@ -3036,6 +3033,7 @@ static int dahdi_hangup(struct ast_channel *ast) case SIG_FXOGS: case SIG_FXOLS: case SIG_FXOKS: + memset(&par, 0, sizeof(par)); res = ioctl(p->subs[SUB_REAL].dfd, DAHDI_GET_PARAMS, &par); if (!res) { #if 0 @@ -3987,6 +3985,7 @@ static int get_alarms(struct dahdi_pvt *p) return zi.alarms; #if !defined(HAVE_ZAPTEL) || defined(HAVE_ZAPTEL_CHANALARMS) /* No alarms on the span. Check for channel alarms. */ + memset(¶ms, 0, sizeof(params)); if ((res = ioctl(p->subs[SUB_REAL].dfd, DAHDI_GET_PARAMS, ¶ms)) >= 0) return params.chan_alarms; /* ioctl failed */ @@ -4596,6 +4595,7 @@ static struct ast_frame *dahdi_handle_event(struct ast_channel *ast) { struct dahdi_params par; + memset(&par, 0, sizeof(par)); if (ioctl(p->oprpeer->subs[SUB_REAL].dfd, DAHDI_GET_PARAMS, &par) != -1) { if (!par.rxisoffhook) @@ -5095,6 +5095,7 @@ static struct ast_frame *dahdi_read(struct ast_channel *ast) { struct dahdi_params ps; + memset(&ps, 0, sizeof(ps)); ps.channo = p->channel; if (ioctl(p->subs[SUB_REAL].dfd, DAHDI_GET_PARAMS, &ps) < 0) { ast_mutex_unlock(&p->lock); @@ -5670,6 +5671,7 @@ static struct ast_channel *dahdi_new(struct dahdi_pvt *i, int state, int startpb if (!tmp) return NULL; tmp->tech = chan_tech; + memset(&ps, 0, sizeof(ps)); ps.channo = i->channel; res = ioctl(i->subs[SUB_REAL].dfd, DAHDI_GET_PARAMS, &ps); if (res) { @@ -7816,9 +7818,10 @@ static struct dahdi_pvt *mkintf(int channel, const struct dahdi_chan_conf *conf, #endif } else { chan_sig = tmp->sig; - memset(&p, 0, sizeof(p)); - if (tmp->subs[SUB_REAL].dfd > -1) + if (tmp->subs[SUB_REAL].dfd > -1) { + memset(&p, 0, sizeof(p)); res = ioctl(tmp->subs[SUB_REAL].dfd, DAHDI_GET_PARAMS, &p); + } } /* Adjust starttime on loopstart and kewlstart trunks to reasonable values */ switch (chan_sig) { @@ -8126,9 +8129,10 @@ static inline int available(struct dahdi_pvt *p, int channelmatch, ast_group_t g if (!p->sig || (p->sig == SIG_FXSLS)) return 1; /* Check hook state */ - if (p->subs[SUB_REAL].dfd > -1) + if (p->subs[SUB_REAL].dfd > -1) { + memset(&par, 0, sizeof(par)); res = ioctl(p->subs[SUB_REAL].dfd, DAHDI_GET_PARAMS, &par); - else { + } else { /* Assume not off hook on CVRS */ res = 0; par.rxisoffhook = 0; @@ -8517,6 +8521,7 @@ static int pri_find_principle(struct dahdi_pri *pri, int channel) if (!explicit) { spanfd = pri_active_dchan_fd(pri); + memset(¶m, 0, sizeof(param)); if (ioctl(spanfd, DAHDI_GET_PARAMS, ¶m)) return -1; span = pris[param.spanno - 1].prilogicalspan; @@ -9972,6 +9977,7 @@ static int start_pri(struct dahdi_pri *pri) ast_log(LOG_ERROR, "Unable to open D-channel %d (%s)\n", x, strerror(errno)); return -1; } + memset(&p, 0, sizeof(p)); res = ioctl(pri->fds[i], DAHDI_GET_PARAMS, &p); if (res) { dahdi_close_pri_fd(pri, i); @@ -10674,6 +10680,7 @@ static int dahdi_show_channel(int fd, int argc, char **argv) memset(&ci, 0, sizeof(ci)); ps.channo = tmp->channel; if (tmp->subs[SUB_REAL].dfd > -1) { + memset(&ci, 0, sizeof(ci)); if (!ioctl(tmp->subs[SUB_REAL].dfd, DAHDI_GETCONF, &ci)) { ast_cli(fd, "Actual Confinfo: Num/%d, Mode/0x%04x\n", ci.confno, ci.confmode); } @@ -10682,6 +10689,7 @@ static int dahdi_show_channel(int fd, int argc, char **argv) ast_cli(fd, "Actual Confmute: %s\n", x ? "Yes" : "No"); } #endif + memset(&ps, 0, sizeof(ps)); if (ioctl(tmp->subs[SUB_REAL].dfd, DAHDI_GET_PARAMS, &ps) < 0) { ast_log(LOG_WARNING, "Failed to get parameters on channel %d: %s\n", tmp->channel, strerror(errno)); } else { |