From: Sean Bright <sean.bright@gmail.com>
Date: Tue, 23 May 2017 18:06:22 +0000 (-0400)
Subject: res_agi: Prevent crash when SET VARIABLE called without arguments
X-Git-Tag: 13.17.0-rc1~68^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f306e451f6f905a2bb74c15cb844735c244a7610;p=thirdparty%2Fasterisk.git

res_agi: Prevent crash when SET VARIABLE called without arguments

Explicitly check that the appropriate number of arguments were passed to
SET VARIABLE before attempting to reference them. Also initialize the
arguments array to zeroes before populating it.

ASTERISK-22432 #close

Change-Id: I5143607d80a2724f749c1674f3126b04ed32ea97
---

diff --git a/res/res_agi.c b/res/res_agi.c
index cd0d621eb1..bbb41d879d 100644
--- a/res/res_agi.c
+++ b/res/res_agi.c
@@ -3185,6 +3185,10 @@ static int handle_channelstatus(struct ast_channel *chan, AGI *agi, int argc, co
 
 static int handle_setvariable(struct ast_channel *chan, AGI *agi, int argc, const char * const argv[])
 {
+	if (argc != 4) {
+		return RESULT_SHOWUSAGE;
+	}
+
 	if (argv[3])
 		pbx_builtin_setvar_helper(chan, argv[2], argv[3]);
 
@@ -4003,7 +4007,7 @@ static void publish_async_exec_end(struct ast_channel *chan, int command_id, con
 
 static enum agi_result agi_handle_command(struct ast_channel *chan, AGI *agi, char *buf, int dead)
 {
-	const char *argv[MAX_ARGS];
+	const char *argv[MAX_ARGS] = {0};
 	int argc = MAX_ARGS;
 	int res;
 	agi_command *c;