From: Jaco Kroon <jaco@uls.co.za>
Date: Wed, 18 Mar 2020 09:38:30 +0000 (+0200)
Subject: dundi:  fix NULL dereference.
X-Git-Tag: 16.10.0-rc1~54
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9cd46ec1181c590be1447200df4e82124f513ba0;p=thirdparty%2Fasterisk.git

dundi:  fix NULL dereference.

If a negative (error) return is received from dundi_lookup_internal,
this is not handled correctly when assigning the result to the buffer.
As such, use a signed integer in the assignment and do a proper
comparison.

ASTERISK-21205

Change-Id: I5214ebb6491e2bd14f90c7d3ce229da86888f739
---

diff --git a/pbx/pbx_dundi.c b/pbx/pbx_dundi.c
index 6cc7711134..1ab0676c50 100644
--- a/pbx/pbx_dundi.c
+++ b/pbx/pbx_dundi.c
@@ -4193,7 +4193,7 @@ static unsigned int dundi_result_id;
 
 struct dundi_result_datastore {
 	struct dundi_result results[MAX_RESULTS];
-	unsigned int num_results;
+	int num_results;
 	unsigned int id;
 };
 
@@ -4325,7 +4325,7 @@ static int dundi_result_read(struct ast_channel *chan, const char *cmd, char *da
 	drds = datastore->data;
 
 	if (!strcasecmp(args.resultnum, "getnum")) {
-		snprintf(buf, len, "%u", drds->num_results);
+		snprintf(buf, len, "%d", drds->num_results < 0 ? 0 : drds->num_results);
 		res = 0;
 		goto finish;
 	}
@@ -4336,7 +4336,7 @@ static int dundi_result_read(struct ast_channel *chan, const char *cmd, char *da
 		goto finish;
 	}
 
-	if (num && num <= drds->num_results) {
+	if (num && drds->num_results > 0 && num <= drds->num_results) {
 		snprintf(buf, len, "%s/%s", drds->results[num - 1].tech, drds->results[num - 1].dest);
 		res = 0;
 	} else