From: David M. Lee Date: Wed, 21 Aug 2013 16:23:59 +0000 (+0000) Subject: ARI: Correct segfault with /variable calls are missing ?variable parameter. X-Git-Tag: 13.0.0-beta1~1236 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5762c1b4ac5c1519463b31ab7078fcd9cb55a393;p=thirdparty%2Fasterisk.git ARI: Correct segfault with /variable calls are missing ?variable parameter. Both /asterisk/variable and /channel/{channelId}/variable requires a ?variable parameter to be passed into the query. But we weren't checking for the parameter being missing, which caused a segfault. All calls now properly return 400 Bad Request errors when the parameter is missing. The Swagger api-docs were updated accordingly. (closes issue ASTERISK-22273) git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@397306 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- diff --git a/res/ari/resource_asterisk.c b/res/ari/resource_asterisk.c index 6f2eb80272..268c071326 100644 --- a/res/ari/resource_asterisk.c +++ b/res/ari/resource_asterisk.c @@ -143,12 +143,20 @@ void ast_ari_get_asterisk_info(struct ast_variable *headers, void ast_ari_get_global_var(struct ast_variable *headers, struct ast_get_global_var_args *args, struct ast_ari_response *response) { RAII_VAR(struct ast_json *, json, NULL, ast_json_unref); - RAII_VAR(struct ast_str *, tmp, ast_str_create(32), ast_free); + RAII_VAR(struct ast_str *, tmp, NULL, ast_free); const char *value; ast_assert(response != NULL); + if (ast_strlen_zero(args->variable)) { + ast_ari_response_error( + response, 400, "Bad Request", + "Variable name is required"); + return; + } + + tmp = ast_str_create(32); if (!tmp) { ast_ari_response_alloc_failed(response); return; diff --git a/res/ari/resource_channels.c b/res/ari/resource_channels.c index dd323bac5b..29ceb778f2 100644 --- a/res/ari/resource_channels.c +++ b/res/ari/resource_channels.c @@ -648,8 +648,16 @@ void ast_ari_get_channel_var(struct ast_variable *headers, struct ast_get_channe ast_assert(response != NULL); + if (ast_strlen_zero(args->variable)) { + ast_ari_response_error( + response, 400, "Bad Request", + "Variable name is required"); + return; + } + control = find_control(response, args->channel_id); if (control == NULL) { + /* response filled in by find_control */ return; } @@ -669,11 +677,6 @@ void ast_ari_set_channel_var(struct ast_variable *headers, struct ast_set_channe ast_assert(response != NULL); - control = find_control(response, args->channel_id); - if (control == NULL) { - return; - } - if (ast_strlen_zero(args->variable)) { ast_ari_response_error( response, 400, "Bad Request", @@ -681,6 +684,12 @@ void ast_ari_set_channel_var(struct ast_variable *headers, struct ast_set_channe return; } + control = find_control(response, args->channel_id); + if (control == NULL) { + /* response filled in by find_control */ + return; + } + if (stasis_app_control_set_channel_var(control, args->variable, args->value)) { ast_ari_response_error( response, 400, "Bad Request", diff --git a/res/res_ari_asterisk.c b/res/res_ari_asterisk.c index dce634e8ae..3f34c7ab64 100644 --- a/res/res_ari_asterisk.c +++ b/res/res_ari_asterisk.c @@ -175,6 +175,7 @@ static void ast_ari_get_global_var_cb( break; case 500: /* Internal Server Error */ case 501: /* Not Implemented */ + case 400: /* Missing variable parameter. */ is_valid = 1; break; default: @@ -234,6 +235,7 @@ static void ast_ari_set_global_var_cb( break; case 500: /* Internal Server Error */ case 501: /* Not Implemented */ + case 400: /* Missing variable parameter. */ is_valid = 1; break; default: diff --git a/res/res_ari_channels.c b/res/res_ari_channels.c index 8a6687bc20..063e766f1d 100644 --- a/res/res_ari_channels.c +++ b/res/res_ari_channels.c @@ -1055,6 +1055,7 @@ static void ast_ari_get_channel_var_cb( break; case 500: /* Internal Server Error */ case 501: /* Not Implemented */ + case 400: /* Missing variable parameter. */ case 404: /* Channel not found */ case 409: /* Channel not in a Stasis application */ is_valid = 1; @@ -1122,6 +1123,7 @@ static void ast_ari_set_channel_var_cb( break; case 500: /* Internal Server Error */ case 501: /* Not Implemented */ + case 400: /* Missing variable parameter. */ case 404: /* Channel not found */ case 409: /* Channel not in a Stasis application */ is_valid = 1; diff --git a/rest-api/api-docs/asterisk.json b/rest-api/api-docs/asterisk.json index cbed1895cf..723c6d8207 100644 --- a/rest-api/api-docs/asterisk.json +++ b/rest-api/api-docs/asterisk.json @@ -55,6 +55,12 @@ "allowMultiple": false, "dataType": "string" } + ], + "errorResponses": [ + { + "code": 400, + "reason": "Missing variable parameter." + } ] }, { @@ -79,6 +85,12 @@ "allowMultiple": false, "dataType": "string" } + ], + "errorResponses": [ + { + "code": 400, + "reason": "Missing variable parameter." + } ] } ] diff --git a/rest-api/api-docs/channels.json b/rest-api/api-docs/channels.json index 41b6cc08c6..0f3b8e20e6 100644 --- a/rest-api/api-docs/channels.json +++ b/rest-api/api-docs/channels.json @@ -753,6 +753,10 @@ } ], "errorResponses": [ + { + "code": 400, + "reason": "Missing variable parameter." + }, { "code": 404, "reason": "Channel not found" @@ -795,6 +799,10 @@ } ], "errorResponses": [ + { + "code": 400, + "reason": "Missing variable parameter." + }, { "code": 404, "reason": "Channel not found"