From: Corey Farrell Date: Thu, 4 Jan 2018 21:37:52 +0000 (-0500) Subject: pbx: Prevent execution of NULL pointer. X-Git-Tag: 16.0.0-rc1~459^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cfb88f3ac13104549f8561aa1fc0f965a279574a;p=thirdparty%2Fasterisk.git pbx: Prevent execution of NULL pointer. pbx_extension_helper has a check for q->swo.exec == NULL but it doesn't actually return so we would still run the function. Fix the return. Move the 'int res' variable into the only scope which uses it. Also fix a copy-paste error in ast_pbx_init which could result in a crash on allocation failure (we exit with a normal error instead). Change-Id: I0693af921fdc7f56b6a72a21fb816ed08b960a69 --- diff --git a/main/pbx.c b/main/pbx.c index 12daa67bb3..b850e8efda 100644 --- a/main/pbx.c +++ b/main/pbx.c @@ -2863,7 +2863,6 @@ static int pbx_extension_helper(struct ast_channel *c, struct ast_context *con, struct ast_exten *e; struct ast_app *app; char *substitute = NULL; - int res; struct pbx_find_info q = { .stacklen = 0 }; /* the rest is reset in pbx_find_extension */ char passdata[EXT_DATA_SIZE]; int matching_action = (action == E_MATCH || action == E_CANMATCH || action == E_MATCHMORE); @@ -2880,9 +2879,12 @@ static int pbx_extension_helper(struct ast_channel *c, struct ast_context *con, ast_unlock_contexts(); return -1; /* success, we found it */ } else if (action == E_FINDLABEL) { /* map the label to a priority */ - res = e->priority; + int res = e->priority; + ast_unlock_contexts(); - return res; /* the priority we were looking for */ + + /* the priority we were looking for */ + return res; } else { /* spawn */ if (!e->cached_app) e->cached_app = pbx_findapp(e->app); @@ -2932,7 +2934,7 @@ static int pbx_extension_helper(struct ast_channel *c, struct ast_context *con, } else { if (!q.swo->exec) { ast_log(LOG_WARNING, "No execution engine for switch %s\n", q.swo->name); - res = -1; + return -1; } return q.swo->exec(c, q.foundcontext ? q.foundcontext : context, exten, priority, callerid, q.data); } @@ -8922,7 +8924,7 @@ int ast_pbx_init(void) /* This is protected by the context_and_merge lock */ autohints = ao2_container_alloc_options(AO2_ALLOC_OPT_LOCK_NOLOCK, HASH_EXTENHINT_SIZE, autohint_hash_cb, autohint_cmp); - if (hintdevices) { + if (autohints) { ao2_container_register("autohints", autohints, print_autohint_key); } statecbs = ao2_container_alloc(1, NULL, statecbs_cmp);