From 868be02a2f33e77473ceebe89023af51a2459404 Mon Sep 17 00:00:00 2001
From: Richard Mudgett
Date: Tue, 27 Aug 2013 16:51:08 +0000
Subject: [PATCH] Fix uninitialized value in struct ast_control_pvt_cause_code usage.
........
Merged revisions 397744 from http://svn.asterisk.org/svn/asterisk/branches/11
........
Merged revisions 397745 from http://svn.asterisk.org/svn/asterisk/branches/12
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@397746 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 channels/chan_dahdi.c | 1 +
 channels/chan_iax2.c | 1 +
 channels/chan_motif.c | 8 ++++----
 channels/chan_sip.c | 1 +
 channels/sig_analog.c | 1 +
 channels/sig_pri.c | 1 +
 channels/sig_ss7.c | 1 +
 7 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/channels/chan_dahdi.c b/channels/chan_dahdi.c
index b4078b15f3..957ad6fed3 100644
--- a/channels/chan_dahdi.c
+++ b/channels/chan_dahdi.c
@@ -3686,6 +3686,7 @@ static void dahdi_r2_on_call_disconnect(openr2_chan_t *r2chan, openr2_call_disco
 snprintf(cause_str, sizeof(cause_str), "R2 DISCONNECT (%s)", openr2_proto_get_disconnect_string(cause));
 datalen += strlen(cause_str);
 cause_code = ast_alloca(datalen);
+ memset(cause_code, 0, datalen);
 cause_code->ast_cause = dahdi_r2_cause_to_ast_cause(cause);
 ast_copy_string(cause_code->chan_name, ast_channel_name(p->owner), AST_CHANNEL_NAME);
 ast_copy_string(cause_code->code, cause_str, datalen + 1 - sizeof(*cause_code));
diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c
index 1b910a14a0..1984fc7985 100644
--- a/channels/chan_iax2.c
+++ b/channels/chan_iax2.c
@@ -9996,6 +9996,7 @@ static int socket_process_helper(struct iax2_thread *thread)
 data_size += strlen(subclass);
 cause_code = ast_alloca(data_size);
+ memset(cause_code, 0, data_size);
 ast_copy_string(cause_code->chan_name, ast_channel_name(iaxs[fr->callno]->owner), AST_CHANNEL_NAME);
 cause_code->ast_cause = ies.causecode;
diff --git a/channels/chan_motif.c b/channels/chan_motif.c
index c77d0c0d2d..72118ce104 100644
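Review bot: The added `memset(cause_code, 0, datalen);` in dahdi_r2_on_call_disconnect has no comment saying why the whole buffer must be cleared, and the same uncommented line is added in chan_iax2, chan_sip, sig_analog, sig_pri and sig_ss7. The chan_motif section shows this structure being passed with its full size to `ast_queue_control_data` and `ast_channel_hangupcause_hash_set`, so any member the code does not assign, and any padding, would otherwise hold whatever the stack contained when `ast_alloca` returned; presumably the other drivers hand the buffer on the same way. I would add `/* Clear the whole payload: members not set below and padding are copied out with the frame */` above each memset so a later cleanup does not remove it as redundant. The enclosing function starts and ends outside the hunk.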
--- a/channels/chan_motif.c
+++ b/channels/chan_motif.c
@@ -2532,7 +2532,8 @@ static void jingle_action_session_terminate(struct jingle_endpoint *endpoint, st
 /* Size of the string making up the cause code is "Motif " + text */
 data_size += 6 + strlen(iks_name(text));
- cause_code = ast_malloc(data_size);
+ cause_code = ast_alloca(data_size);
+ memset(cause_code, 0, data_size);
 /* Get the appropriate cause code mapping for this reason */
 for (i = 0; i < ARRAY_LEN(jingle_reason_mappings); i++) {
@@ -2546,7 +2547,8 @@ static void jingle_action_session_terminate(struct jingle_endpoint *endpoint, st
 snprintf(cause_code->code, data_size - sizeof(*cause_code) + 1, "Motif %s", iks_name(text));
 } else {
 /* No technology specific information is available */
- cause_code = ast_malloc(data_size);
+ cause_code = ast_alloca(data_size);
+ memset(cause_code, 0, data_size);
 }
 ast_copy_string(cause_code->chan_name, ast_channel_name(chan), AST_CHANNEL_NAME);
@@ -2554,8 +2556,6 @@ static void jingle_action_session_terminate(struct jingle_endpoint *endpoint, st
 ast_queue_control_data(chan, AST_CONTROL_PVT_CAUSE_CODE, cause_code, data_size);
 ast_channel_hangupcause_hash_set(chan, cause_code, data_size);
- ast_free(cause_code);
-
 ast_debug(3, "Hanging up channel '%s' due to session terminate message with cause '%d'\n", ast_channel_name(chan), cause);
 ast_queue_hangup_with_cause(chan, cause);
 session->gone = 1;
diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index e4596a892f..58ee175c54 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -27987,6 +27987,7 @@ static int handle_incoming(struct sip_pvt *p, struct sip_request *req, struct as
 /* size of the string making up the cause code is "SIP " + cause length */
 data_size += 4 + strlen(REQ_OFFSET_TO_STR(req, rlpart2));
 cause_code = ast_alloca(data_size);
+ memset(cause_code, 0, data_size);
 ast_copy_string(cause_code->chan_name, ast_channel_name(p->owner), AST_CHANNEL_NAME);
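Review bot: Replacing `ast_malloc` with `ast_alloca(data_size)` in jingle_action_session_terminate moves onto the stack an allocation whose size includes `strlen(iks_name(text))`, and no upper bound on that length is visible in the hunk. If `text` comes from the peer's session-terminate stanza, as the function name suggests, the remote side influences how much stack is consumed, and unlike the heap call there is no failure value to test. Keeping the heap buffer but zeroed, `cause_code = ast_calloc(1, data_size);` with a NULL check and the existing `ast_free`, would fix the uninitialized members without that exposure; alternatively, clamp the name length before it is added to `data_size`. The else branch in the second hunk makes the same substitution, and the function body extends beyond these hunks.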
diff --git a/channels/sig_analog.c b/channels/sig_analog.c
index c7885403f4..d1ed673786 100644
--- a/channels/sig_analog.c
+++ b/channels/sig_analog.c
@@ -2715,6 +2715,7 @@ static struct ast_frame *__analog_handle_event(struct analog_pvt *p, struct ast_
 subclass = analog_event2str(res);
 data_size += strlen(subclass);
 cause_code = ast_alloca(data_size);
+ memset(cause_code, 0, data_size);
 cause_code->ast_cause = AST_CAUSE_NORMAL_CLEARING;
 ast_copy_string(cause_code->chan_name, ast_channel_name(ast), AST_CHANNEL_NAME);
 snprintf(cause_code->code, data_size - sizeof(*cause_code) + 1, "ANALOG %s", subclass);
diff --git a/channels/sig_pri.c b/channels/sig_pri.c
index b6a04b67fa..a6d134e1b3 100644
--- a/channels/sig_pri.c
+++ b/channels/sig_pri.c
@@ -1404,6 +1404,7 @@ static void pri_queue_pvt_cause_data(struct sig_pri_span *pri, int chanpos, cons
 if (chan) {
 int datalen = sizeof(*cause_code) + strlen(cause);
 cause_code = ast_alloca(datalen);
+ memset(cause_code, 0, datalen);
 cause_code->ast_cause = ast_cause;
 ast_copy_string(cause_code->chan_name, ast_channel_name(chan), AST_CHANNEL_NAME);
 ast_copy_string(cause_code->code, cause, datalen + 1 - sizeof(*cause_code));
diff --git a/channels/sig_ss7.c b/channels/sig_ss7.c
index d5a92c332c..baf152d4e9 100644
--- a/channels/sig_ss7.c
+++ b/channels/sig_ss7.c
@@ -411,6 +411,7 @@ static void ss7_queue_pvt_cause_data(struct ast_channel *owner, const char *caus
 int datalen = sizeof(*cause_code) + strlen(cause);
 cause_code = ast_alloca(datalen);
+ memset(cause_code, 0, datalen);
 cause_code->ast_cause = ast_cause;
 ast_copy_string(cause_code->chan_name, ast_channel_name(owner), AST_CHANNEL_NAME);
 ast_copy_string(cause_code->code, cause, datalen + 1 - sizeof(*cause_code));
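Review bot: In pri_queue_pvt_cause_data the length given to the new `memset` is the context line's `int datalen`, a signed int built from `sizeof(*cause_code) + strlen(cause)`; ss7_queue_pvt_cause_data in sig_ss7 has the same declaration. The value is converted back to an unsigned size at `ast_alloca`, at `memset` and in the `datalen + 1 - sizeof(*cause_code)` bound, so declaring it as `size_t datalen = sizeof(*cause_code) + strlen(cause);` would remove the narrowing. Whether later uses outside the hunk expect an int should be checked first. Both function bodies continue outside their hunks.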