skip dialplan args with bad char sequences
authorBrian West <brian@freeswitch.org>
Wed, 3 Mar 2010 18:31:19 +0000 (18:31 +0000)
committerBrian West <brian@freeswitch.org>
Wed, 3 Mar 2010 18:31:19 +0000 (18:31 +0000)
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@16882 d0543943-73ff-0310-b7d9-9358b9ac24b2

src/include/switch_mprintf.h
src/include/switch_utils.h
src/switch_caller.c
src/switch_channel.c
src/switch_event.c
src/switch_mprintf.c

index 2dd91e00137e0c17930279678431de0a60f4c7b0..af2396800da2f6dfca3f2409b7cf903411ee257b 100644 (file)
@@ -57,6 +57,7 @@ SWITCH_BEGIN_EXTERN_C
  */
 SWITCH_DECLARE(char *) switch_mprintf(const char *zFormat, ...);
 SWITCH_DECLARE(char *) switch_vmprintf(const char *zFormat, va_list ap);
+SWITCH_DECLARE(char *) switch_snprintfv(char *zBuf, int n, const char *zFormat, ...);
 
 SWITCH_END_EXTERN_C
 #endif /* SWITCH_MPRINTF_H */
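Review bot: The new public declaration `switch_snprintfv` has no doc comment, and its name reads like a `va_list` variant (compare `switch_vmprintf` one line above) although it takes `...`. I would add a short comment above it, for example `/* Format into zBuf, assumed to hold n bytes; variadic, not a va_list variant. */`, and also state whether the result is always NUL-terminated, which this page does not show. If the name can still change, one without the trailing `v` would be less misleading. The same applies to the definition in src/switch_mprintf.c, where this commit renames `switch_snprintf(int n, char *zBuf, ...)` and swaps its first two parameters.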
index a01c1e3c8e717951ea6879ac54fc4aec44b21753..10fba43094c17ca702bc6824eadfa0b0c6d3690f 100644 (file)
@@ -104,7 +104,7 @@ static inline int switch_string_has_escaped_data(const char *in)
 
        while (i && *i == '\\') {
                i++;
-               if (*i == '\\' || *i == 'n' || *i == 's' || *i == 't') {
+               if (*i == '\\' || *i == 'n' || *i == 's' || *i == 't' || *i == '\'') {
                        return 1;
                }
                i = strchr(i, '\\');
index f1f0728323634dbb413b84176c9ae8219cd6d4bb..a8a175189c86a785bc71a85c6b9694d8b4f4da66 100644 (file)
@@ -415,6 +415,13 @@ SWITCH_DECLARE(void) switch_caller_extension_add_application_printf(switch_core_
        va_end(ap);
 
        if (data) {
+               char *p;
+
+               if ((p = strstr(data, "\\'"))) {
+                       switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "App not added, Invalid character sequence in data string [%s]\n", data);
+                       free(data);
+                       return;
+               }
                switch_caller_extension_add_application(session, caller_extension, application_name, data);
                free(data);
        }
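Review bot: `p` is assigned in the new `if ((p = strstr(data, "\\'")))` but never read in the visible lines, and the same test is repeated inside `switch_caller_extension_add_application` in the next hunk. This copy could be `if (strstr(data, "\\'")) {` with the declaration removed, or dropped in favour of the callee's check. Both functions return void, so code building an extension cannot tell that an application was left out, and presumably the following applications are still added. If a rejected step is meant to stop the extension, that needs a return status or a flag on `caller_extension`, which this hunk does not provide. The function body begins above the hunk.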
@@ -426,12 +433,22 @@ SWITCH_DECLARE(void) switch_caller_extension_add_application(switch_core_session
                                                                                                                         const char *application_data)
 {
        switch_caller_application_t *caller_application = NULL;
+       char *p;
 
        switch_assert(session != NULL);
 
        if ((caller_application = switch_core_session_alloc(session, sizeof(switch_caller_application_t))) != 0) {
                caller_application->application_name = switch_core_session_strdup(session, application_name);
                caller_application->application_data = switch_core_session_strdup(session, application_data);
+
+
+
+               if ((p = strstr(caller_application->application_data, "\\'"))) {
+                       switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "App not added, Invalid character sequence in data string [%s]\n", 
+                                                         caller_application->application_data);
+                       return;
+               }
+               
                if (!caller_extension->applications) {
                        caller_extension->applications = caller_application;
                } else if (caller_extension->last_application) {
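Review bot: `strstr(caller_application->application_data, "\\'")` runs on the result of `switch_core_session_strdup` without a NULL test. If `application_data` is NULL, or the duplicate comes back NULL, the new check dereferences a null pointer where the old code only stored it. The guard is one line: `if (caller_application->application_data && strstr(caller_application->application_data, "\\'")) {`. `p` is again set but never used and can be removed. The rejected string is logged verbatim through `%s`, so if it can carry caller-supplied text, confirm the log sink tolerates control characters; the function body continues past the end of the hunk.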
index 7bad363160427f191fe0517feb37b168e4e20d41..47ac157b89f274012ea9b72f44c9e27d105f14d8 100644 (file)
@@ -2438,6 +2438,9 @@ SWITCH_DECLARE(char *) switch_channel_expand_variables(switch_channel_t *channel
                                if (*(p + 1) == '$') {
                                        nv = 1;
                                        p++;
+                               } else if (*(p + 1) == '\'') {
+                                       p++;
+                                       continue;
                                } else if (*(p + 1) == '\\') {
                                        *c++ = *p++;
                                        len++;
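Review bot: The new `\'` branch has no comment, and the hunk alone does not show what reaches the output. `p++; continue;` steps onto the quote, and if the enclosing loop (outside the hunk) also advances `p`, both the backslash and the quote are dropped rather than only the backslash. A line such as `/* \' is not allowed in expanded data: skip it */` would record the intent; adjust the wording to whichever behaviour is meant. The identical branch added to `switch_event_expand_headers` in src/switch_event.c needs the same comment.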
index 4039c404cee408d1c11ff84d2cb5945ef6548f4c..b65c7b137127b434c5f211a6f5252e89f506653e 100644 (file)
@@ -1395,6 +1395,9 @@ SWITCH_DECLARE(char *) switch_event_expand_headers(switch_event_t *event, const
                                if (*(p + 1) == '$') {
                                        nv = 1;
                                        p++;
+                               } else if (*(p + 1) == '\'') {
+                                       p++;
+                                       continue;
                                } else if (*(p + 1) == '\\') {
                                        *c++ = *p++;
                                        len++;
index 92b16ec578be2a7c3479f6eddad58a7eb3759dfc..595581cbf06a2a421ebd531fd21ef8d47a35bdfe 100644 (file)
@@ -871,30 +871,6 @@ static void *printf_realloc(void *old, int size)
        return realloc(old, size);
 }
 
-/*
-** Print into memory. Use the internal %-conversion extensions.
-*/
-SWITCH_DECLARE(char *) switch_vmprintf(const char *zFormat, va_list ap)
-{
-       char zBase[SWITCH_PRINT_BUF_SIZE];
-       return base_vprintf(printf_realloc, 1, zBase, sizeof(zBase), zFormat, ap);
-}
-
-/*
-** Print into memory. Use the internal %-conversion extensions.
-*/
-SWITCH_DECLARE(char *) switch_mprintf(const char *zFormat, ...)
-{
-       va_list ap;
-       char *z;
-       char zBase[SWITCH_PRINT_BUF_SIZE];
-       va_start(ap, zFormat);
-       z = base_vprintf(printf_realloc, 1, zBase, sizeof(zBase), zFormat, ap);
-       va_end(ap);
-       return z;
-}
-
-#ifdef __UNUSED__
 /*
 ** Print into memory. Omit the internal %-conversion extensions.
 */
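Review bot: Removing these two definitions together with `#ifdef __UNUSED__` changes what `switch_mprintf` and `switch_vmprintf` do, not just which code is compiled. The deleted versions called `base_vprintf(printf_realloc, 1, ...)`, while the comment on the code that becomes active says it omits the internal %-conversion extensions. The header still declares both names, so every existing caller silently moves to the other variant, and the commit message does not mention it. I would state in a comment above the surviving definitions which conversions are no longer available, and check callers for format strings that relied on them. The surviving definitions lie outside this hunk, so their arguments to `base_vprintf` cannot be confirmed here.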
@@ -924,7 +900,7 @@ SWITCH_DECLARE(char *) switch_mprintf(const char *zFormat, ...)
 ** are not able to use a "," as the decimal point in place of "." as
 ** specified by some locales.
 */
-SWITCH_DECLARE(char *) switch_snprintf(int n, char *zBuf, const char *zFormat, ...)
+SWITCH_DECLARE(char *) switch_snprintfv(char *zBuf, int n, const char *zFormat, ...)
 {
        char *z;
        va_list ap;
@@ -934,4 +910,4 @@ SWITCH_DECLARE(char *) switch_snprintf(int n, char *zBuf, const char *zFormat, .
        va_end(ap);
        return z;
 }
-#endif
+