From: Kinsey Moore <kmoore@digium.com>
Date: Tue, 8 Oct 2013 18:18:21 +0000 (+0000)
Subject: Fix func_config list entry allocation
X-Git-Tag: 11.7.0-rc1~37
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=09df02a03e8cab60f9f0264922e8047fa0250048;p=thirdparty%2Fasterisk.git

Fix func_config list entry allocation

The AST_CONFIG dialplan function defined in func_config.c allocates its
config file list entries using ast_malloc. List entry allocations
destined for use with Asterisk's linked list API must be ast_calloc()d
or otherwise initialized so that list pointers are set to NULL. These
uses of ast_malloc have been replaced by ast_calloc to prevent
dereferencing of uninitialized pointer values when traversing the list.

(closes issue ASTERISK-22483)
Reported by: Brian Scott
........

Merged revisions 400694 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@400697 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---

diff --git a/funcs/func_config.c b/funcs/func_config.c
index cbc51aaae6..d45ad2c820 100644
--- a/funcs/func_config.c
+++ b/funcs/func_config.c
@@ -120,7 +120,7 @@ static int config_function_read(struct ast_channel *chan, const char *cmd, char
 			/* At worst, we might leak an entry while upgrading locks */
 			AST_RWLIST_UNLOCK(&configs);
 			AST_RWLIST_WRLOCK(&configs);
-			if (!(cur = ast_malloc(sizeof(*cur) + strlen(args.filename) + 1))) {
+			if (!(cur = ast_calloc(1, sizeof(*cur) + strlen(args.filename) + 1))) {
 				AST_RWLIST_UNLOCK(&configs);
 				return -1;
 			}
@@ -149,7 +149,7 @@ static int config_function_read(struct ast_channel *chan, const char *cmd, char
 		}
 
 		if (!cur) {
-			if (!(cur = ast_malloc(sizeof(*cur) + strlen(args.filename) + 1))) {
+			if (!(cur = ast_calloc(1, sizeof(*cur) + strlen(args.filename) + 1))) {
 				AST_RWLIST_UNLOCK(&configs);
 				return -1;
 			}