diff options
author | russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> | 2010-06-09 21:11:43 +0000 |
---|---|---|
committer | russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> | 2010-06-09 21:11:43 +0000 |
commit | c452a64677be4fd57dba7fe0983bcf018e9ddc9c (patch) | |
tree | 667e0e9d107d99cda2847ed7af98649a60791345 /main | |
parent | 4dae7fef42da51388d7ba01b033f19822341ff03 (diff) |
Resolve an invalid memory read on an event.
Valgrind pointed out that attempting to get an IE value from an event that has
no IEs produces an invalid memory read past the end of the event. Thanks to
mmichelson for pointing the problem out to me and then testing the fix.
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@269417 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'main')
-rw-r--r-- | main/event.c | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/main/event.c b/main/event.c index 51a3a45ab..23fd7af8e 100644 --- a/main/event.c +++ b/main/event.c @@ -935,11 +935,20 @@ struct ast_event_sub *ast_event_unsubscribe(struct ast_event_sub *sub) return NULL; } -void ast_event_iterator_init(struct ast_event_iterator *iterator, const struct ast_event *event) +int ast_event_iterator_init(struct ast_event_iterator *iterator, const struct ast_event *event) { + int res = 0; + iterator->event_len = ast_event_get_size(event); iterator->event = event; - iterator->ie = (struct ast_event_ie *) ( ((char *) event) + sizeof(*event) ); + if (iterator->event_len >= sizeof(*event) + sizeof(struct ast_event_ie)) { + iterator->ie = (struct ast_event_ie *) ( ((char *) event) + sizeof(*event) ); + } else { + iterator->ie = NULL; + res = -1; + } + + return res; } int ast_event_iterator_next(struct ast_event_iterator *iterator) @@ -1021,9 +1030,9 @@ const char *ast_event_get_ie_str(const struct ast_event *event, enum ast_event_i const void *ast_event_get_ie_raw(const struct ast_event *event, enum ast_event_ie_type ie_type) { struct ast_event_iterator iterator; - int res = 0; + int res; - for (ast_event_iterator_init(&iterator, event); !res; res = ast_event_iterator_next(&iterator)) { + for (res = ast_event_iterator_init(&iterator, event); !res; res = ast_event_iterator_next(&iterator)) { if (ast_event_iterator_get_ie_type(&iterator) == ie_type) { return ast_event_iterator_get_ie_raw(&iterator); } |