Merged revisions 323559 via svnmerge from

https://origsvn.digium.com/svn/asterisk/branches/1.4

........
  r323559 | seanbright | 2011-06-15 11:15:30 -0400 (Wed, 15 Jun 2011) | 25 lines

  Resolve a segfault/bus error when we try to map memory that falls on a page
  boundary.

  The fix for ASTERISK-15359 was incorrect in that it added 1 to the length of the
  mmap'd region.  The problem with this is that reading/writing to that extra byte
  outside of the bounds of the underlying fd causes a bus error.

  The real issue is that we are working with both a FILE * and the raw fd
  underneath it and not synchronizing between them.  The code that was removed in
  ASTERISK-15359 was correct, but we weren't flushing the FILE * before mapping
  the fd.

  Looking at the manager code in 1.4 reveals that the FILE * in 'struct
  mansession' is never used except to create a temporary file that we immediately
  fdopen.  This means we just need to write a 0 byte to the fd and everything will
  just work.  The other branches require a call to fflush() which, while not a
  guaranteed fix, should reduce the likelihood of a crash.

  This all makes sense in my head.

  (closes issue ASTERISK-16460)
  Reported by: Ravelomanantsoa Hoby (hoby)
  Patches:
  		issue17747_1.4_svn_markII.patch uploaded by Sean Bright (license #5060)
........

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.6.2@323579 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/main/manager.c b/main/manager.c
index da7f03a599741cc2afea6110523e648968a23669..c691f30f4d129081ec650e4e34082a1b8bf73024 100644 (file)
--- a/main/manager.c
+++ b/main/manager.c
@@ -4051,8 +4051,12 @@ static struct ast_str *generic_http_callback(enum output_format format,
                char *buf;
                size_t l;
 
+               /* Ensure buffer is NULL-terminated */
+               fprintf(s.f, "%c", 0);
+               fflush(s.f);
+
                if ((l = ftell(s.f))) {
-                       if (MAP_FAILED == (buf = mmap(NULL, l + 1, PROT_READ | PROT_WRITE, MAP_PRIVATE, s.fd, 0))) {
+                       if (MAP_FAILED == (buf = mmap(NULL, l, PROT_READ | PROT_WRITE, MAP_PRIVATE, s.fd, 0))) {
                                ast_log(LOG_WARNING, "mmap failed.  Manager output was not processed\n");
                        } else {
                                buf[l] = '\0';
@@ -4061,13 +4065,14 @@ static struct ast_str *generic_http_callback(enum output_format format,
                                } else {
                                        ast_str_append(&out, 0, "%s", buf);
                                }
-                               munmap(buf, l + 1);
+                               munmap(buf, l);
                        }
                } else if (format == FORMAT_XML || format == FORMAT_HTML) {
                        xml_translate(&out, "", params, format);
                }
                fclose(s.f);
                s.f = NULL;
+               close(s.fd);
                s.fd = -1;
        }