Fix a potential crash due to unsafe datastore handling.

This patch also contains a conversion from using long to time_t
for representing times for a queue, as well as some whitespace
fixes.

(closes issue #14060)
Reported by: nivek
Patches:
      datastore_fixup.patch.corrected uploaded by nivek (license 636)
	  with slight modification from me
Tested by: nivek

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@163080 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/apps/app_queue.c b/apps/app_queue.c
index a0603abe41b95fba054f1d9d274b0c39cf30f663..3636a2c2718c0919e8d65d43024e3903be10ed0e 100644 (file)
--- a/apps/app_queue.c
+++ b/apps/app_queue.c
@@ -2576,7 +2576,7 @@ static int calc_metric(struct call_queue *q, struct member *mem, int pos, struct
 struct queue_transfer_ds {
        struct queue_ent *qe;
        struct member *member;
-       int starttime;
+       time_t starttime;
        int callcompletedinsl;
 };
 
@@ -2603,28 +2603,26 @@ static const struct ast_datastore_info queue_transfer_info = {
  * At the end of this, we want to remove the datastore so that this fixup function is not called on any
  * future masquerades of the caller during the current call.
  */
-static void queue_transfer_fixup(void *data, struct ast_channel *old_chan, struct ast_channel *new_chan) 
+static void queue_transfer_fixup(void *data, struct ast_channel *old_chan, struct ast_channel *new_chan)
 {
        struct queue_transfer_ds *qtds = data;
        struct queue_ent *qe = qtds->qe;
        struct member *member = qtds->member;
-       int callstart = qtds->starttime;
+       time_t callstart = qtds->starttime;
        int callcompletedinsl = qtds->callcompletedinsl;
        struct ast_datastore *datastore;
 
        ast_queue_log(qe->parent->name, qe->chan->uniqueid, member->membername, "TRANSFER", "%s|%s|%ld|%ld",
-                               new_chan->exten, new_chan->context, (long) (callstart - qe->start),
-                               (long) (time(NULL) - callstart));
+                               new_chan->exten, new_chan->context, (time_t) (callstart - qe->start),
+                               (time_t) (time(NULL) - callstart));
 
        update_queue(qe->parent, member, callcompletedinsl);
        
-       if (!(datastore = ast_channel_datastore_find(new_chan, &queue_transfer_info, NULL))) {
+       if ((datastore = ast_channel_datastore_find(new_chan, &queue_transfer_info, NULL))) {
+               ast_channel_datastore_remove(new_chan, datastore);
+       } else {
                ast_log(LOG_WARNING, "Can't find the queue_transfer datastore.\n");
-               return;
        }
-
-       ast_channel_datastore_remove(new_chan, datastore);
-       ast_channel_datastore_free(datastore);
 }
 
 /*! \brief mechanism to tell if a queue caller was atxferred by a queue member.
@@ -2640,21 +2638,21 @@ static int attended_transfer_occurred(struct ast_channel *chan)
 
 /*! \brief create a datastore for storing relevant info to log attended transfers in the queue_log
  */
-static void setup_transfer_datastore(struct queue_ent *qe, struct member *member, int starttime, int callcompletedinsl)
+static struct ast_datastore *setup_transfer_datastore(struct queue_ent *qe, struct member *member, time_t starttime, int callcompletedinsl)
 {
        struct ast_datastore *ds;
        struct queue_transfer_ds *qtds = ast_calloc(1, sizeof(*qtds));
 
        if (!qtds) {
                ast_log(LOG_WARNING, "Memory allocation error!\n");
-               return;
+               return NULL;
        }
 
        ast_channel_lock(qe->chan);
        if (!(ds = ast_channel_datastore_alloc(&queue_transfer_info, NULL))) {
                ast_channel_unlock(qe->chan);
                ast_log(LOG_WARNING, "Unable to create transfer datastore. queue_log will not show attended transfer\n");
-               return;
+               return NULL;
        }
 
        qtds->qe = qe;
@@ -2665,6 +2663,7 @@ static void setup_transfer_datastore(struct queue_ent *qe, struct member *member
        ds->data = qtds;
        ast_channel_datastore_add(qe->chan, ds);
        ast_channel_unlock(qe->chan);
+       return ds;
 }
 
 
@@ -2728,7 +2727,7 @@ static int try_calling(struct queue_ent *qe, const char *options, char *announce
        int forwardsallowed = 1;
        int callcompletedinsl;
        struct ao2_iterator memi;
-       struct ast_datastore *datastore;
+       struct ast_datastore *datastore, *transfer_ds;
 
        ast_channel_lock(qe->chan);
        datastore = ast_channel_datastore_find(qe->chan, &dialed_interface_info, NULL);
@@ -3151,11 +3150,11 @@ static int try_calling(struct queue_ent *qe, const char *options, char *announce
                if (member->status == AST_DEVICE_NOT_INUSE)
                        ast_log(LOG_WARNING, "The device state of this queue member, %s, is still 'Not in Use' when it probably should not be! Please check UPGRADE.txt for correct configuration settings.\n", member->membername);
                        
-               setup_transfer_datastore(qe, member, callstart, callcompletedinsl);
+               transfer_ds = setup_transfer_datastore(qe, member, callstart, callcompletedinsl);
                bridge = ast_bridge_call(qe->chan,peer, &bridge_config);
 
                if (bridge != AST_PBX_KEEPALIVE && !attended_transfer_occurred(qe->chan)) {
-                       struct ast_datastore *transfer_ds;
+                       struct ast_datastore *tds;
                        if (strcasecmp(oldcontext, qe->chan->context) || strcasecmp(oldexten, qe->chan->exten)) {
                                ast_queue_log(queuename, qe->chan->uniqueid, member->membername, "TRANSFER", "%s|%s|%ld|%ld",
                                        qe->chan->exten, qe->chan->context, (long) (callstart - qe->start),
@@ -3195,15 +3194,16 @@ static int try_calling(struct queue_ent *qe, const char *options, char *announce
                                                        qe->parent->eventwhencalled == QUEUE_EVENT_VARIABLES ? vars2manager(qe->chan, vars, sizeof(vars)) : "");
                        }
                        ast_channel_lock(qe->chan);
-                       transfer_ds = ast_channel_datastore_find(qe->chan, &queue_transfer_info, NULL);
-                       if (transfer_ds) {
-                               ast_channel_datastore_remove(qe->chan, transfer_ds);
-                               ast_channel_datastore_free(transfer_ds);
+                       if ((tds = ast_channel_datastore_find(qe->chan, &queue_transfer_info, NULL))) {
+                               ast_channel_datastore_remove(qe->chan, tds);
                        }
                        ast_channel_unlock(qe->chan);
                        update_queue(qe->parent, member, callcompletedinsl);
                }
 
+               if (transfer_ds) {
+                       ast_channel_datastore_free(transfer_ds);
+               }
                if (bridge != AST_PBX_NO_HANGUP_PEER && bridge != AST_PBX_NO_HANGUP_PEER_PARKED)
                        ast_hangup(peer);
                res = bridge ? bridge : 1;
@@ -3447,7 +3447,7 @@ static int set_member_paused(const char *queuename, const char *interface, int p
 /* Reload dynamic queue members persisted into the astdb */
 static void reload_queue_members(void)
 {
-       char *cur_ptr;  
+       char *cur_ptr;
        char *queue_name;
        char *member;
        char *interface;