From: Jaco Kroon <jaco@uls.co.za>
Date: Wed, 18 Mar 2020 09:38:30 +0000 (+0200)
Subject: dundi:  fix NULL dereference.
X-Git-Tag: 13.33.0-rc1~42
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9065d95254bc74ddf8752a3a7d711ac9e3d892bd;p=thirdparty%2Fasterisk.git

dundi:  fix NULL dereference.

If a negative (error) return is received from dundi_lookup_internal,
this is not handled correctly when assigning the result to the buffer.
As such, use a signed integer in the assignment and do a proper
comparison.

ASTERISK-21205

Change-Id: I5214ebb6491e2bd14f90c7d3ce229da86888f739
---

diff --git a/pbx/pbx_dundi.c b/pbx/pbx_dundi.c
index 0d82a3f338..f3951a724a 100644
--- a/pbx/pbx_dundi.c
+++ b/pbx/pbx_dundi.c
@@ -4151,7 +4151,7 @@ static unsigned int dundi_result_id;
 
 struct dundi_result_datastore {
 	struct dundi_result results[MAX_RESULTS];
-	unsigned int num_results;
+	int num_results;
 	unsigned int id;
 };
 
@@ -4283,7 +4283,7 @@ static int dundi_result_read(struct ast_channel *chan, const char *cmd, char *da
 	drds = datastore->data;
 
 	if (!strcasecmp(args.resultnum, "getnum")) {
-		snprintf(buf, len, "%u", drds->num_results);
+		snprintf(buf, len, "%d", drds->num_results < 0 ? 0 : drds->num_results);
 		res = 0;
 		goto finish;
 	}
@@ -4294,7 +4294,7 @@ static int dundi_result_read(struct ast_channel *chan, const char *cmd, char *da
 		goto finish;
 	}
 
-	if (num && num <= drds->num_results) {
+	if (num && drds->num_results > 0 && num <= drds->num_results) {
 		snprintf(buf, len, "%s/%s", drds->results[num - 1].tech, drds->results[num - 1].dest);
 		res = 0;
 	} else