Using the GetVar handler in AMI is potentially dangerous (insta-crash [tm]) when...

We'll create a bogus channel for the function call and destroy it when we're done. If we have trouble allocating the bogus channel then we're not going to try executing the function call at all and run the risk of crashing.

(closes issue #13715)
reported by: makoto
patch by: bweschke

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@150817 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/main/manager.c b/main/manager.c
index ce21757c63a3e061aee91b10fe417c050dfe363c..a865e0fe0acc45b0b88fa86716430a7ea7701958 100644 (file)
--- a/main/manager.c
+++ b/main/manager.c
@@ -1805,8 +1805,15 @@ static int action_getvar(struct mansession *s, const struct message *m)
        }
 
        if (varname[strlen(varname) - 1] == ')') {
-
-               ast_func_read(c, (char *) varname, workspace, sizeof(workspace));
+               if (!c) {
+                       c = ast_channel_alloc(0, 0, "", "", "", "", "", 0, "Bogus/%p", NULL);
+                       if (c) {
+                               ast_func_read(c, (char *) varname, workspace, sizeof(workspace));
+                               ast_channel_free(c);
+                       } else
+                               ast_log(LOG_ERROR, "Unable to allocate bogus channel for variable substitution.  Function results may be blank.\n");
+               } else
+                       ast_func_read(c, (char *) varname, workspace, sizeof(workspace));
                varval = workspace;
        } else {
                pbx_retrieve_variable(c, varname, &varval, workspace, sizeof(workspace), NULL);