From: George Joseph Date: Thu, 30 Jan 2025 15:49:33 +0000 (-0700) Subject: func_strings.c: Prevent SEGV in HASH single-argument mode. X-Git-Tag: 21.8.0-rc1~30 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=066dc7b18efc55abaf3ec0ca9150c1cfd85ec949;p=thirdparty%2Fasterisk.git func_strings.c: Prevent SEGV in HASH single-argument mode. When in single-argument mode (very rarely used), a malformation of a column name (also very rare) could cause a NULL to be returned when retrieving the channel variable for that column. Passing that to strncat causes a SEGV. We now check for the NULL and print a warning message. Resolves: #1101 (cherry picked from commit f5e066a48b8dade79dab87bb8e2940a818ec1894)
---
diff --git a/funcs/func_strings.c b/funcs/func_strings.c
index 65cb4ca25a..8d4e46a15e 100644
--- a/funcs/func_strings.c
+++ b/funcs/func_strings.c
@@ -1554,6 +1554,16 @@ static int hash_read(struct ast_channel *chan, const char *cmd, char *data, char
 for (i = 0; i < arg2.argc; i++) {
 snprintf(varname, sizeof(varname), HASH_FORMAT, arg.hashname, arg2.col[i]);
 varvalue = pbx_builtin_getvar_helper(chan, varname);
+ /*
+ * If the value is NULL, there was probably a malformation in the
+ * column name (unbalanced quote, etc.) This makes everything
+ * suspect so we should return nothing at all.
+ */
+ if (!varvalue) {
+ ast_log(LOG_WARNING, "No value found for '%s'\n", varname);
+ *buf = '\0';
+ return -1;
+ }
 strncat(buf, varvalue, len - strlen(buf) - 1);
 strncat(buf, ",", len - strlen(buf) - 1);
 }
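Review bot: The warning added in the `if (!varvalue)` branch names only the variable, so an operator reading the log cannot tell that the whole single-argument read was discarded or that a malformed column name is the suspected cause. Because this path previously ended in a SEGV, the log line is the main trace of the condition and would be more actionable as `ast_log(LOG_WARNING, "No value found for '%s' (malformed column name?); returning empty result\n", varname);`. The return value of the preceding `snprintf` is not checked, so a `varname` truncated to `sizeof(varname)` would presumably land in this same branch and be reported under the cut-off name. hash_read starts and ends outside the hunk, so whatever state the function sets before the loop is not visible here.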