res_agi: Prevent crash when SET VARIABLE called without arguments

Explicitly check that the appropriate number of arguments were passed to
SET VARIABLE before attempting to reference them. Also initialize the
arguments array to zeroes before populating it.

ASTERISK-22432 #close

Change-Id: I5143607d80a2724f749c1674f3126b04ed32ea97

diff --git a/res/res_agi.c b/res/res_agi.c
index cd0d621eb18f9368f860ebc5f8c1bd9bf1705226..bbb41d879dbcb61abdc5509987583451bcfe7ee7 100644 (file)
--- a/res/res_agi.c
+++ b/res/res_agi.c
@@ -3185,6 +3185,10 @@ static int handle_channelstatus(struct ast_channel *chan, AGI *agi, int argc, co
 
 static int handle_setvariable(struct ast_channel *chan, AGI *agi, int argc, const char * const argv[])
 {
+       if (argc != 4) {
+               return RESULT_SHOWUSAGE;
+       }
+
        if (argv[3])
                pbx_builtin_setvar_helper(chan, argv[2], argv[3]);
 
@@ -4003,7 +4007,7 @@ static void publish_async_exec_end(struct ast_channel *chan, int command_id, con
 
 static enum agi_result agi_handle_command(struct ast_channel *chan, AGI *agi, char *buf, int dead)
 {
-       const char *argv[MAX_ARGS];
+       const char *argv[MAX_ARGS] = {0};
        int argc = MAX_ARGS;
        int res;
        agi_command *c;