app_confbridge: Correct verification of conference name length

Conference names were not checked for maximum length, allowing unexpected
behaviour.  This change adds checking to ensure the maximum length is not
exceeded.  The maximum length is also changed from 32 to AST_MAX_EXTENSION.

ASTERISK-23035 #close
Reported by: Iñaki Cívico
Tested by: Iñaki Cívico
Patches:
    confbridge-enforce_max-1.8.patch uploaded by coreyfarrell (license 5909)
    confbridge-enforce_max-11up.patch uploaded by coreyfarrell (license 5909)
........

Merged revisions 415060 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 415066 from http://svn.asterisk.org/svn/asterisk/branches/11
........

Merged revisions 415078 from http://svn.asterisk.org/svn/asterisk/branches/12

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@415080 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/apps/app_confbridge.c b/apps/app_confbridge.c
index bf8773d32b1b2a1e0401952d642f01dcb7b1bd95..fee8643bb32375a3ba92aed10eb5a2a289cac886 100644 (file)
--- a/apps/app_confbridge.c
+++ b/apps/app_confbridge.c
@@ -1593,17 +1593,24 @@ static int confbridge_exec(struct ast_channel *chan, const char *data)
                goto confbridge_cleanup;
        }
 
-       if (ast_strlen_zero(data)) {
+       /* We need to make a copy of the input string if we are going to modify it! */
+       parse = ast_strdupa(data);
+
+       AST_STANDARD_APP_ARGS(args, parse);
+
+       if (ast_strlen_zero(args.conf_name)) {
                pbx_builtin_setvar_helper(chan, "CONFBRIDGE_RESULT", "FAILED");
                ast_log(LOG_WARNING, "%s requires an argument (conference name[,options])\n", app);
                res = -1;
                goto confbridge_cleanup;
        }
 
-       /* We need to make a copy of the input string if we are going to modify it! */
-       parse = ast_strdupa(data);
-
-       AST_STANDARD_APP_ARGS(args, parse);
+       if (strlen(args.conf_name) >= MAX_CONF_NAME) {
+               pbx_builtin_setvar_helper(chan, "CONFBRIDGE_RESULT", "FAILED");
+               ast_log(LOG_WARNING, "%s does not accept conference names longer than %d\n", app, MAX_CONF_NAME - 1);
+               res = -1;
+               goto confbridge_cleanup;
+       }
 
        /* bridge profile name */
        if (args.argc > 1 && !ast_strlen_zero(args.b_profile_name)) {

diff --git a/apps/confbridge/include/confbridge.h b/apps/confbridge/include/confbridge.h
index ce6253744fe3e42f0ee477eeb5ea605c04443740..4e155e621e797ae4e2976b03fceb8cf04708b24e 100644 (file)
--- a/apps/confbridge/include/confbridge.h
+++ b/apps/confbridge/include/confbridge.h
@@ -31,7 +31,7 @@
 #include "conf_state.h"
 
 /* Maximum length of a conference bridge name */
-#define MAX_CONF_NAME 32
+#define MAX_CONF_NAME AST_MAX_EXTENSION
 /* Maximum length of a conference pin */
 #define MAX_PIN     80