aboutsummaryrefslogtreecommitdiffstats
path: root/funcs/func_curl.c
diff options
context:
space:
mode:
authortilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b>2010-11-15 07:45:42 +0000
committertilghman <tilghman@f38db490-d61c-443f-a65b-d21fe96a405b>2010-11-15 07:45:42 +0000
commit7f4e3d8924696f7212814da3b1769100c799e0f2 (patch)
tree00d09cb158443498d8703ee09a69c8f8649d272f /funcs/func_curl.c
parent24122ad49ca64ee62e509fd1010bdc1a048cc055 (diff)
Merged revisions 294989 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.8 ................ r294989 | tilghman | 2010-11-15 01:44:38 -0600 (Mon, 15 Nov 2010) | 15 lines Merged revisions 294988 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.6.2 ........ r294988 | tilghman | 2010-11-15 01:42:39 -0600 (Mon, 15 Nov 2010) | 8 lines It is possible to crash Asterisk by feeding the curl engine invalid data. (closes issue #18161) Reported by: wdoekes Patches: 20101029__issue18161.diff.txt uploaded by tilghman (license 14) Tested by: tilghman ........ ................ git-svn-id: http://svn.digium.com/svn/asterisk/trunk@294990 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'funcs/func_curl.c')
-rw-r--r--funcs/func_curl.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/funcs/func_curl.c b/funcs/func_curl.c
index 92d0b9729..d6c440257 100644
--- a/funcs/func_curl.c
+++ b/funcs/func_curl.c
@@ -529,8 +529,11 @@ static int acf_curl_helper(struct ast_channel *chan, const char *cmd, char *info
struct ast_str *fields = ast_str_create(ast_str_strlen(str) / 2);
struct ast_str *values = ast_str_create(ast_str_strlen(str) / 2);
int rowcount = 0;
- while ((piece = strsep(&remainder, "&"))) {
+ while (fields && values && (piece = strsep(&remainder, "&"))) {
char *name = strsep(&piece, "=");
+ if (!piece) {
+ piece = "";
+ }
ast_uri_decode(piece);
ast_uri_decode(name);
ast_str_append(&fields, 0, "%s%s", rowcount ? "," : "", name);