From: Richard Mudgett <rmudgett@digium.com>
Date: Wed, 24 Jun 2009 21:22:11 +0000 (+0000)
Subject: Merged revisions 203037 via svnmerge from
X-Git-Tag: 1.6.1.3-rc1~118
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=482ffa8830dac5e297ad320a9ad56bc98641a228;p=thirdparty%2Fasterisk.git

Merged revisions 203037 via svnmerge from
https://origsvn.digium.com/svn/asterisk/trunk

................
  r203037 | rmudgett | 2009-06-24 16:08:55 -0500 (Wed, 24 Jun 2009) | 15 lines

  Merged revisions 203036 via svnmerge from
  https://origsvn.digium.com/svn/asterisk/branches/1.4

  ........
    r203036 | rmudgett | 2009-06-24 16:01:43 -0500 (Wed, 24 Jun 2009) | 8 lines

    Improved chan_dahdi.conf pritimer error checking.

    Valid format is: pritimer=timer_name,timer_value

    *  Fixed segfault if the ',' is missing.
    *  Completely check the range returned by pri_timer2idx() to prevent
    possible access outside array bounds.
  ........
................


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.6.1@203057 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---

diff --git a/channels/chan_dahdi.c b/channels/chan_dahdi.c
index 54dcff933d..65eaaeb1eb 100644
--- a/channels/chan_dahdi.c
+++ b/channels/chan_dahdi.c
@@ -14761,22 +14761,34 @@ static int process_dahdi(struct dahdi_chan_conf *confp, const char *cat, struct
 #endif
 			} else if (!strcasecmp(v->name, "pritimer")) {
 #ifdef PRI_GETSET_TIMERS
-				char tmp[20], *timerc, *c = tmp;
-				int timer, timeridx;
+				char tmp[20];
+				char *timerc;
+				char *c;
+				int timer;
+				int timeridx;
+
 				ast_copy_string(tmp, v->value, sizeof(tmp));
+				c = tmp;
 				timerc = strsep(&c, ",");
-				if (timerc) {
+				if (!ast_strlen_zero(timerc) && !ast_strlen_zero(c)) {
+					timeridx = pri_timer2idx(timerc);
 					timer = atoi(c);
-					if (!timer)
-						ast_log(LOG_WARNING, "'%s' is not a valid value for an ISDN timer at line %d.\n", timerc, v->lineno);
-					else {
-						if ((timeridx = pri_timer2idx(timerc)) >= 0)
-							pritimers[timeridx] = timer;
-						else
-							ast_log(LOG_WARNING, "'%s' is not a valid ISDN timer at line %d.\n", timerc, v->lineno);
+					if (timeridx < 0 || PRI_MAX_TIMERS <= timeridx) {
+						ast_log(LOG_WARNING,
+							"'%s' is not a valid ISDN timer at line %d.\n", timerc,
+							v->lineno);
+					} else if (!timer) {
+						ast_log(LOG_WARNING,
+							"'%s' is not a valid value for ISDN timer '%s' at line %d.\n",
+							c, timerc, v->lineno);
+					} else {
+						pritimers[timeridx] = timer;
 					}
-				} else
-					ast_log(LOG_WARNING, "'%s' is not a valid ISDN timer configuration string at line %d.\n", v->value, v->lineno);
+				} else {
+					ast_log(LOG_WARNING,
+						"'%s' is not a valid ISDN timer configuration string at line %d.\n",
+						v->value, v->lineno);
+				}
 
 			} else if (!strcasecmp(v->name, "facilityenable")) {
 				confp->pri.facilityenable = ast_true(v->value);