Fix crash on fdopen failure
authorTerry Wilson <twilson@digium.com>
Wed, 16 Mar 2011 19:37:54 +0000 (19:37 +0000)
committerTerry Wilson <twilson@digium.com>
Wed, 16 Mar 2011 19:37:54 +0000 (19:37 +0000)
See security advisory AST-2011-004

(closes issue #18845)
Reported by: cmaj
Patches:
     patch-main-tcptls-1.8.3-rc2-open-session-crash-take2.diff.txt uploaded by cmaj (license 830)
     patch-main-tcptls-1.8.3-rc2-open-session-crash-take3.diff.txt uploaded by cmaj (license 830)
Tested by: cmaj, twilson

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.6.2@310996 65c4cc65-6c06-0410-ace0-fbb531ad65f3

main/manager.c
main/tcptls.c

index 5ab7a37e4c5a72204ce4c1355634c7b0856f6898..eac123c143c37a0a0d887c382dad8caca980e469 100644 (file)
@@ -228,7 +228,6 @@ struct mansession {
        struct mansession_session *session;
        FILE *f;
        int fd;
-       int write_error:1;
 };
 
 static AST_LIST_HEAD_STATIC(sessions, mansession_session);
@@ -965,15 +964,11 @@ struct ast_variable *astman_get_variables(const struct message *m)
  */
 static int send_string(struct mansession *s, char *string)
 {
-       int res;
-
-       if (s->f && (res = ast_careful_fwrite(s->f, s->fd, string, strlen(string), s->session->writetimeout))) {
-               s->write_error = 1;
-       } else if ((res = ast_careful_fwrite(s->session->f, s->session->fd, string, strlen(string), s->session->writetimeout))) {
-               s->write_error = 1;
+       if (s->f) {
+               return ast_careful_fwrite(s->f, s->fd, string, strlen(string), s->session->writetimeout);
+       } else {
+               return ast_careful_fwrite(s->session->f, s->session->fd, string, strlen(string), s->session->writetimeout);
        }
-
-       return res;
 }
 
 /*!
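Review bot: With `write_error` removed, the return value of `send_string` is the only signal of a failed write, and the callers that would have to act on it are outside this hunk. If any caller discards it, the loop in the `session_do` hunk, now `if ((res = do_message(&s)) < 0)`, keeps servicing a manager session whose peer can no longer be written to, unless `do_message` reports the failure itself. I would state the contract in the doc comment above the function, for example `\return 0 on success, non-zero if ast_careful_fwrite reports a failure; callers must stop using the session on failure`, and confirm each call site checks it. Since the function only reads `string`, the parameter could also be `const char *string`.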
@@ -3282,7 +3277,7 @@ static void *session_do(void *data)
 
        astman_append(&s, "Asterisk Call Manager/%s\r\n", AMI_VERSION); /* welcome prompt */
        for (;;) {
-               if ((res = do_message(&s)) < 0 || s.write_error)
+               if ((res = do_message(&s)) < 0)
                        break;
        }
        /* session is over, explain why and terminate */
index 6c84762d5d6e4db43dfd5e171d98d9e947066c0f..e5a335a1e5002a5f2dcaa2460d5e81a63aeb40b8 100644 (file)
@@ -139,8 +139,12 @@ static void *handle_tcptls_connection(void *data)
        * open a FILE * as appropriate.
        */
        if (!tcptls_session->parent->tls_cfg) {
-               tcptls_session->f = fdopen(tcptls_session->fd, "w+");
-               setvbuf(tcptls_session->f, NULL, _IONBF, 0);
+               if ((tcptls_session->f = fdopen(tcptls_session->fd, "w+"))) {
+                       if(setvbuf(tcptls_session->f, NULL, _IONBF, 0)) {
+                               fclose(tcptls_session->f);
+                               tcptls_session->f = NULL;
+                       }
+               }
        }
 #ifdef DO_SSL
        else if ( (tcptls_session->ssl = SSL_new(tcptls_session->parent->tls_cfg->ssl_ctx)) ) {
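Review bot: On the `setvbuf` failure path, `fclose(tcptls_session->f)` also closes the underlying descriptor, but `tcptls_session->fd` still holds the old number. The rest of `handle_tcptls_connection` is outside this hunk, so this is unverified, but any later cleanup that sees `f == NULL` and calls `close()` on that fd would be closing a descriptor that another thread in the process may already have been given. Adding `tcptls_session->fd = -1;` next to `tcptls_session->f = NULL;` keeps the two fields consistent. The `fdopen` failure path, by contrast, leaves the descriptor open, so the two failures need different handling downstream and a log line on each would help operators notice descriptor exhaustion.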