From 0701feaa959570beeb4ce15aba29d4be940530d4 Mon Sep 17 00:00:00 2001
From: Sean Bright <sean@malleable.com>
Date: Wed, 15 Jun 2011 15:31:53 +0000
Subject: [PATCH] Merged revisions 323579 via svnmerge from
 https://origsvn.digium.com/svn/asterisk/branches/1.6.2

................
  r323579 | seanbright | 2011-06-15 11:22:50 -0400 (Wed, 15 Jun 2011) | 32 lines

  Merged revisions 323559 via svnmerge from
  https://origsvn.digium.com/svn/asterisk/branches/1.4

  ........
    r323559 | seanbright | 2011-06-15 11:15:30 -0400 (Wed, 15 Jun 2011) | 25 lines

    Resolve a segfault/bus error when we try to map memory that falls on a page
    boundary.

    The fix for ASTERISK-15359 was incorrect in that it added 1 to the length of the
    mmap'd region.  The problem with this is that reading/writing to that extra byte
    outside of the bounds of the underlying fd causes a bus error.

    The real issue is that we are working with both a FILE * and the raw fd
    underneath it and not synchronizing between them.  The code that was removed in
    ASTERISK-15359 was correct, but we weren't flushing the FILE * before mapping
    the fd.

    Looking at the manager code in 1.4 reveals that the FILE * in 'struct
    mansession' is never used except to create a temporary file that we immediately
    fdopen.  This means we just need to write a 0 byte to the fd and everything will
    just work.  The other branches require a call to fflush() which, while not a
    guaranteed fix, should reduce the likelihood of a crash.

    This all makes sense in my head.

    (closes issue ASTERISK-16460)
    Reported by: Ravelomanantsoa Hoby (hoby)
    Patches:
    		issue17747_1.4_svn_markII.patch uploaded by Sean Bright (license #5060)
  ........
................


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@323608 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 main/manager.c | 78 ++++++++++++++++++++++----------------------------
 1 file changed, 35 insertions(+), 43 deletions(-)

diff --git a/main/manager.c b/main/manager.c
index 35df9b2a1b..81162a17c6 100644
--- a/main/manager.c
+++ b/main/manager.c
@@ -5468,6 +5468,39 @@ static void xml_translate(struct ast_str **out, char *in, struct ast_variable *g
 	}
 }
 
+static void process_output(struct mansession *s, struct ast_str *out, struct ast_variable *params, enum output_format format)
+{
+	char *buf;
+	size_t l;
+
+	if (!s->f)
+		return;
+
+	/* Ensure buffer is NULL-terminated */
+	fprintf(s->f, "%c", 0);
+	fflush(s->f);
+
+	if ((l = ftell(s->f))) {
+		if (MAP_FAILED == (buf = mmap(NULL, l, PROT_READ | PROT_WRITE, MAP_PRIVATE, s->fd, 0))) {
+			ast_log(LOG_WARNING, "mmap failed.  Manager output was not processed\n");
+		} else {
+			if (format == FORMAT_XML || format == FORMAT_HTML) {
+				xml_translate(&out, buf, params, format);
+			} else {
+				ast_str_append(&out, 0, "%s", buf);
+			}
+			munmap(buf, l);
+		}
+	} else if (format == FORMAT_XML || format == FORMAT_HTML) {
+		xml_translate(&out, "", params, format);
+	}
+
+	fclose(s->f);
+	s->f = NULL;
+	close(s->fd);
+	s->fd = -1;
+}
+
 static int generic_http_callback(struct ast_tcptls_session_instance *ser,
 					     enum ast_http_method method,
 					     enum output_format format,
@@ -5617,29 +5650,7 @@ static int generic_http_callback(struct ast_tcptls_session_instance *ser,
 		ast_str_append(&out, 0, ROW_FMT, TEST_STRING);
 	}
 
-	if (s.f != NULL) {	/* have temporary output */
-		char *buf;
-		size_t l;
-
-		if ((l = ftell(s.f))) {
-			if (MAP_FAILED == (buf = mmap(NULL, l + 1, PROT_READ | PROT_WRITE, MAP_PRIVATE, s.fd, 0))) {
-				ast_log(LOG_WARNING, "mmap failed.  Manager output was not processed\n");
-			} else {
-				buf[l] = '\0';
-				if (format == FORMAT_XML || format == FORMAT_HTML) {
-					xml_translate(&out, buf, params, format);
-				} else {
-					ast_str_append(&out, 0, "%s", buf);
-				}
-				munmap(buf, l + 1);
-			}
-		} else if (format == FORMAT_XML || format == FORMAT_HTML) {
-			xml_translate(&out, "", params, format);
-		}
-		fclose(s.f);
-		s.f = NULL;
-		s.fd = -1;
-	}
+	process_output(&s, out, params, format);
 
 	if (format == FORMAT_XML) {
 		ast_str_append(&out, 0, "</ajax-response>\n");
@@ -5951,26 +5962,7 @@ static int auth_http_callback(struct ast_tcptls_session_instance *ser,
 		"<input type=\"submit\" value=\"Send request\" /></th></tr>\r\n");
 	}
 
-	if (s.f != NULL) {	/* have temporary output */
-		char *buf;
-		size_t l = ftell(s.f);
-
-		if (l) {
-			if ((buf = mmap(NULL, l, PROT_READ | PROT_WRITE, MAP_SHARED, s.fd, 0))) {
-				if (format == FORMAT_XML || format == FORMAT_HTML) {
-					xml_translate(&out, buf, params, format);
-				} else {
-					ast_str_append(&out, 0, "%s", buf);
-				}
-				munmap(buf, l);
-			}
-		} else if (format == FORMAT_XML || format == FORMAT_HTML) {
-			xml_translate(&out, "", params, format);
-		}
-		fclose(s.f);
-		s.f = NULL;
-		s.fd = -1;
-	}
+	process_output(&s, out, params, format);
 
 	if (format == FORMAT_XML) {
 		ast_str_append(&out, 0, "</ajax-response>\n");
-- 
2.47.2