From: Richard Mudgett <rmudgett@digium.com>
Date: Wed, 24 Jun 2009 21:01:43 +0000 (+0000)
Subject: Improved chan_dahdi.conf pritimer error checking.
X-Git-Tag: 1.4.26~41
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1ac27cf7ec16432540fe38cf1ebf27ad8739b094;p=thirdparty%2Fasterisk.git

Improved chan_dahdi.conf pritimer error checking.

Valid format is: pritimer=timer_name,timer_value

*  Fixed segfault if the ',' is missing.
*  Completely check the range returned by pri_timer2idx() to prevent
possible access outside array bounds.


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@203036 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---

diff --git a/channels/chan_dahdi.c b/channels/chan_dahdi.c
index 9ced0cc6cd..99c745eab2 100644
--- a/channels/chan_dahdi.c
+++ b/channels/chan_dahdi.c
@@ -11823,26 +11823,37 @@ static int process_dahdi(struct dahdi_chan_conf *confp, const char *cat, struct
 #endif
 			} else if (!strcasecmp(v->name, "pritimer")) {
 #ifdef PRI_GETSET_TIMERS
-				char *timerc, *c;
-				int timer, timeridx;
-				c = v->value;
+				char tmp[20];
+				char *timerc;
+				char *c;
+				int timer;
+				int timeridx;
+
+				ast_copy_string(tmp, v->value, sizeof(tmp));
+				c = tmp;
 				timerc = strsep(&c, ",");
-				if (timerc) {
+				if (!ast_strlen_zero(timerc) && !ast_strlen_zero(c)) {
+					timeridx = pri_timer2idx(timerc);
 					timer = atoi(c);
-					if (!timer)
-						ast_log(LOG_WARNING, "'%s' is not a valid value for an ISDN timer\n", timerc);
-					else {
-						if ((timeridx = pri_timer2idx(timerc)) >= 0)
-							pritimers[timeridx] = timer;
-						else
-							ast_log(LOG_WARNING, "'%s' is not a valid ISDN timer\n", timerc);
+					if (timeridx < 0 || PRI_MAX_TIMERS <= timeridx) {
+						ast_log(LOG_WARNING,
+							"'%s' is not a valid ISDN timer at line %d.\n", timerc,
+							v->lineno);
+					} else if (!timer) {
+						ast_log(LOG_WARNING,
+							"'%s' is not a valid value for ISDN timer '%s' at line %d.\n",
+							c, timerc, v->lineno);
+					} else {
+						pritimers[timeridx] = timer;
 					}
-				} else
-					ast_log(LOG_WARNING, "'%s' is not a valid ISDN timer configuration string\n", v->value);
-
+				} else {
+					ast_log(LOG_WARNING,
+						"'%s' is not a valid ISDN timer configuration string at line %d.\n",
+						v->value, v->lineno);
+				}
+#endif /* PRI_GETSET_TIMERS */
 			} else if (!strcasecmp(v->name, "facilityenable")) {
 				confp->pri.facilityenable = ast_true(v->value);
-#endif /* PRI_GETSET_TIMERS */
 #endif /* HAVE_PRI */
 			} else if (!strcasecmp(v->name, "cadence")) {
 				/* setup to scan our argument */