From: Jeff Peeler Date: Thu, 28 Oct 2010 16:09:40 +0000 (+0000) Subject: Fix infinite loop in FILTER(). X-Git-Tag: 1.6.2.15-rc1~30 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9206c592c602429e1ce25793fa8538b462aac436;p=thirdparty%2Fasterisk.git Fix infinite loop in FILTER(). Specifically when you're using characters above \x7f or invalid character escapes (e.g. \xgg). (closes issue #18060) Reported by: wdoekes Patches: issue18060_func_strings_filter_infinite_loop.patch uploaded by wdoekes (license 717) Tested by: wdoekes git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.6.2@293158 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- diff --git a/funcs/func_strings.c b/funcs/func_strings.c index 9af4dfca4f..2bd47c3de1 100644 --- a/funcs/func_strings.c +++ b/funcs/func_strings.c @@ -459,10 +459,10 @@ static int filter(struct ast_channel *chan, const char *cmd, char *parse, char * if (*(args.allowed) == '-') { if (ast_get_encoded_char(args.allowed + 1, &c2, &consumed)) - c2 = -1; + c2 = c1; args.allowed += consumed + 1; - if ((c2 < c1 || c2 == -1) && !ast_opt_dont_warn) { + if ((unsigned char) c2 < (unsigned char) c1 && !ast_opt_dont_warn) { ast_log(LOG_WARNING, "Range wrapping in FILTER(%s,%s). This may not be what you want.\n", parse, args.string); } @@ -470,7 +470,7 @@ static int filter(struct ast_channel *chan, const char *cmd, char *parse, char * * Looks a little strange, until you realize that we can overflow * the size of a char. */ - for (ac = c1; ac != c2; ac++) { + for (ac = (unsigned char) c1; ac != (unsigned char) c2; ac++) { bitfield[ac / 32] |= 1 << (ac % 32); } bitfield[ac / 32] |= 1 << (ac % 32);