From: Sean Bright Date: Mon, 20 Feb 2017 12:28:23 +0000 (-0500) Subject: app_voicemail: vm_authenticate accesses uninitialized memory X-Git-Tag: 13.15.0-rc1~75^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=47daca8a2b9ee0f1cc5ab22478cf8dd92a97a3d4;p=thirdparty%2Fasterisk.git app_voicemail: vm_authenticate accesses uninitialized memory vm_authenticate doesn't always set the passed ast_vm_user argument, so we initialize to 0 before passing it in. ASTERISK-25893 #close Reported by: Filip Jenicek Change-Id: Ia3cc0128f93d352ed9add8d5c2f0f7232c2cbe4a --- diff --git a/apps/app_voicemail.c b/apps/app_voicemail.c index ef210c2efe..6089779524 100644 --- a/apps/app_voicemail.c +++ b/apps/app_voicemail.c @@ -11113,7 +11113,7 @@ static int vm_authenticate(struct ast_channel *chan, char *mailbox, int mailbox_ return -1; } if (vmu && !skipuser) { - memcpy(res_vmu, vmu, sizeof(struct ast_vm_user)); + *res_vmu = *vmu; } return 0; } @@ -11275,8 +11275,8 @@ static int vm_execmain(struct ast_channel *chan, const char *data) int box; int useadsi = 0; int skipuser = 0; - struct vm_state vms; - struct ast_vm_user *vmu = NULL, vmus; + struct vm_state vms = {{0}}; + struct ast_vm_user *vmu = NULL, vmus = {{0}}; char *context = NULL; int silentexit = 0; struct ast_flags flags = { 0 }; @@ -11289,12 +11289,8 @@ static int vm_execmain(struct ast_channel *chan, const char *data) #endif /* Add the vm_state to the active list and keep it active */ - memset(&vms, 0, sizeof(vms)); - vms.lastmsg = -1; - memset(&vmus, 0, sizeof(vmus)); - ast_test_suite_event_notify("START", "Message: vm_execmain started"); if (ast_channel_state(chan) != AST_STATE_UP) { ast_debug(1, "Before ast_answer\n"); @@ -12587,7 +12583,7 @@ static struct ast_custom_function vm_info_acf = { static int vmauthenticate(struct ast_channel *chan, const char *data) { char *s, *user = NULL, *context = NULL, mailbox[AST_MAX_EXTENSION] = ""; - struct ast_vm_user vmus; + struct ast_vm_user vmus = {{0}}; char *options = NULL; int silent = 0, skipuser = 0; int res = -1;