From: George Joseph Date: Thu, 18 Sep 2014 14:43:41 +0000 (+0000) Subject: config: bug: Fix SEGV in ast_category_insert when matching category isn't found X-Git-Tag: 12.6.0-rc1~14 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a163335e883ef0e6984b4be31194e2e3b12bbd79;p=thirdparty%2Fasterisk.git config: bug: Fix SEGV in ast_category_insert when matching category isn't found If you call ast_category_insert with a match category that doesn't exist, the list traverse runs out of 'next' categories and you get a SEGV. This patch adds check for the end-of-list condition and changes the signature to return an int for success/failure indication instead of a void. The only consumer of this function is manager and it was also changed to use the return value. Tested by: George Joseph Review: https://reviewboard.asterisk.org/r/3993/ ........ Merged revisions 423276 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 423277 from http://svn.asterisk.org/svn/asterisk/branches/11 git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/12@423278 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- diff --git a/include/asterisk/config.h b/include/asterisk/config.h index 2579ef2795..541fea4ff7 100644 --- a/include/asterisk/config.h +++ b/include/asterisk/config.h @@ -675,8 +675,11 @@ void ast_category_append(struct ast_config *config, struct ast_category *cat); * \details * This function is used to insert a new category above another category * matching the match parameter. + * + * \retval 0 if succeeded + * \retval -1 if NULL parameters or match category was not found */ -void ast_category_insert(struct ast_config *config, struct ast_category *cat, const char *match); +int ast_category_insert(struct ast_config *config, struct ast_category *cat, const char *match); int ast_category_delete(struct ast_config *cfg, const char *category); /*! diff --git a/main/config.c b/main/config.c index 8fbbbd302b..123f0f772a 100644 --- a/main/config.c +++ b/main/config.c @@ -783,24 +783,28 @@ void ast_category_append(struct ast_config *config, struct ast_category *categor config->current = category; } -void ast_category_insert(struct ast_config *config, struct ast_category *cat, const char *match) +int ast_category_insert(struct ast_config *config, struct ast_category *cat, const char *match) { struct ast_category *cur_category; - if (!cat || !match) - return; + if (!config || !cat || !match) { + return -1; + } if (!strcasecmp(config->root->name, match)) { cat->next = config->root; config->root = cat; - return; + return 0; } - for (cur_category = config->root; cur_category; cur_category = cur_category->next) { + for (cur_category = config->root; cur_category && cur_category->next; + cur_category = cur_category->next) { if (!strcasecmp(cur_category->next->name, match)) { cat->next = cur_category->next; cur_category->next = cat; - break; + return 0; } } + + return -1; } static void ast_destroy_template_list(struct ast_category *cat) diff --git a/main/manager.c b/main/manager.c index e598cc7b64..97e040b75e 100644 --- a/main/manager.c +++ b/main/manager.c @@ -3231,7 +3231,11 @@ static enum error_type handle_updates(struct mansession *s, const struct message if (ast_strlen_zero(match)) { ast_category_append(cfg, category); } else { - ast_category_insert(cfg, category, match); + if (ast_category_insert(cfg, category, match)) { + result = FAILURE_NEWCAT; + ast_category_destroy(category); + break; + } } } else if (!strcasecmp(action, "renamecat")) { if (ast_strlen_zero(value)) {