[asterisk] Fix AST-2011-012

Jeffrey C. Ollie jcollie at fedoraproject.org
Tue Oct 18 14:21:50 UTC 2011 

commit b4f70355fd8e423e0dc2bddb85990f20044e82f1
Author: Jeffrey C. Ollie <jeff at ocjtech.us>
Date:   Tue Oct 18 09:21:38 2011 -0500

    Fix AST-2011-012

 ...les.conf-so-that-different-voicemail-modu.patch |    4 +-
 0002-Fix-up-some-paths.patch                       |    4 +-
 ...hema-that-is-compatible-with-Fedora-Direc.patch |    4 +-
 0004-Build-against-an-external-libedit.patch       |    4 +-
 ...e-cli_complete-to-avoid-compilation-error.patch |    4 +-
 ...ialize-variables-before-calling-parse_uri.patch |   43 ++++++++++++++++++++
 asterisk.spec                                      |    5 ++-
 7 files changed, 57 insertions(+), 11 deletions(-)
---
diff --git a/0001-Modify-modules.conf-so-that-different-voicemail-modu.patch b/0001-Modify-modules.conf-so-that-different-voicemail-modu.patch
index 973cb26..58d1847 100644
--- a/0001-Modify-modules.conf-so-that-different-voicemail-modu.patch
+++ b/0001-Modify-modules.conf-so-that-different-voicemail-modu.patch
@@ -1,7 +1,7 @@
-From da59c1b4d83bbee2d9d82e98d0b6bf4dfa35fcc6 Mon Sep 17 00:00:00 2001
+From c38ca7dce403630b166d06ea6fb3e867fe9772c0 Mon Sep 17 00:00:00 2001
 From: "Jeffrey C. Ollie" <jeff at ocjtech.us>
 Date: Wed, 28 Jul 2010 07:23:49 -0500
-Subject: [PATCH 1/5] Modify modules.conf so that different voicemail modules
+Subject: [PATCH 1/6] Modify modules.conf so that different voicemail modules
  don't load at the same time.
 
 ---
diff --git a/0002-Fix-up-some-paths.patch b/0002-Fix-up-some-paths.patch
index c66ed93..4fcf704 100644
--- a/0002-Fix-up-some-paths.patch
+++ b/0002-Fix-up-some-paths.patch
@@ -1,7 +1,7 @@
-From 36c8d5593d65598533e429f58c06f7747188ceab Mon Sep 17 00:00:00 2001
+From 99931f9e126bf7e53cae571cfd60df1ee47daf71 Mon Sep 17 00:00:00 2001
 From: "Jeffrey C. Ollie" <jeff at ocjtech.us>
 Date: Wed, 28 Jul 2010 07:27:48 -0500
-Subject: [PATCH 2/5] Fix up some paths
+Subject: [PATCH 2/6] Fix up some paths
 
 ---
  UPGRADE-1.4.txt                             |    2 +-
diff --git a/0003-Add-LDAP-schema-that-is-compatible-with-Fedora-Direc.patch b/0003-Add-LDAP-schema-that-is-compatible-with-Fedora-Direc.patch
index 656e929..6fd52ca 100644
--- a/0003-Add-LDAP-schema-that-is-compatible-with-Fedora-Direc.patch
+++ b/0003-Add-LDAP-schema-that-is-compatible-with-Fedora-Direc.patch
@@ -1,7 +1,7 @@
-From e5318c647a8356149f08ec2eb908f39d0f1a21de Mon Sep 17 00:00:00 2001
+From 51c76365c8093e6e3d65e5ddcfe7517c70d27437 Mon Sep 17 00:00:00 2001
 From: "Jeffrey C. Ollie" <jeff at ocjtech.us>
 Date: Sun, 4 Jan 2009 19:22:39 -0600
-Subject: [PATCH 3/5] Add LDAP schema that is compatible with Fedora Directory
+Subject: [PATCH 3/6] Add LDAP schema that is compatible with Fedora Directory
  Server.
 
 ---
diff --git a/0004-Build-against-an-external-libedit.patch b/0004-Build-against-an-external-libedit.patch
index 0f9af98..c3a205a 100644
--- a/0004-Build-against-an-external-libedit.patch
+++ b/0004-Build-against-an-external-libedit.patch
@@ -1,7 +1,7 @@
-From edc69c158e5b98a2119ce2ab4775d068ca8db5de Mon Sep 17 00:00:00 2001
+From 53cfcfc09c5e1cd3969d2c295696bac93cf84923 Mon Sep 17 00:00:00 2001
 From: "Jeffrey C. Ollie" <jeff at ocjtech.us>
 Date: Fri, 14 Oct 2011 10:39:29 -0500
-Subject: [PATCH 4/5] Build against an external libedit.
+Subject: [PATCH 4/6] Build against an external libedit.
 
 The Asterisk tarball includes a very old copy of the editline library
 that manages command line history and editing.  Fedora (and several
diff --git a/0005-Change-cli_complete-to-avoid-compilation-error.patch b/0005-Change-cli_complete-to-avoid-compilation-error.patch
index a316f55..478f9cb 100644
--- a/0005-Change-cli_complete-to-avoid-compilation-error.patch
+++ b/0005-Change-cli_complete-to-avoid-compilation-error.patch
@@ -1,7 +1,7 @@
-From 7cef3031e02ebff0905abadbe6d54ee1ddc819dc Mon Sep 17 00:00:00 2001
+From 30987c4f0a2601b75c3076f9332fb64fe50ff822 Mon Sep 17 00:00:00 2001
 From: "Jeffrey C. Ollie" <jeff at ocjtech.us>
 Date: Fri, 14 Oct 2011 11:21:26 -0500
-Subject: [PATCH 5/5] Change cli_complete to avoid compilation error:
+Subject: [PATCH 5/6] Change cli_complete to avoid compilation error:
 
 error: assignment of read-only location '*lf->cursor'
 ---
diff --git a/0006-Initialize-variables-before-calling-parse_uri.patch b/0006-Initialize-variables-before-calling-parse_uri.patch
new file mode 100644
index 0000000..9f55ace
--- /dev/null
+++ b/0006-Initialize-variables-before-calling-parse_uri.patch
@@ -0,0 +1,43 @@
+From 9b6b7d18e81426ada53b388ae76ac81ec027203d Mon Sep 17 00:00:00 2001
+From: Terry Wilson <twilson at digium.com>
+Date: Mon, 17 Oct 2011 17:35:23 +0000
+Subject: [PATCH 6/6] Initialize variables before calling parse_uri
+
+If parse_uri was called with an empty URI, some pointers would be
+modified and an invalid read could result. This patch avoids calling
+parse_uri with an empty contact uri when parsing REGISTER requests.
+
+AST-2011-012
+
+(closes issue ASTERISK-18668)
+
+git-svn-id: http://svn.asterisk.org/svn/asterisk/branches/1.8@341189 f38db490-d61c-443f-a65b-d21fe96a405b
+---
+ channels/chan_sip.c |    4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/channels/chan_sip.c b/channels/chan_sip.c
+index 5dedd59..f786ce1 100644
+--- a/channels/chan_sip.c
++++ b/channels/chan_sip.c
+@@ -13796,7 +13796,7 @@ static enum parse_register_result parse_register_contact(struct sip_pvt *pvt, st
+ 	char data[SIPBUFSIZE];
+ 	const char *expires = sip_get_header(req, "Expires");
+ 	int expire = atoi(expires);
+-	char *curi, *domain, *transport;
++	char *curi = NULL, *domain = NULL, *transport = NULL;
+ 	int transport_type;
+ 	const char *useragent;
+ 	struct ast_sockaddr oldsin, testsa;
+@@ -13874,7 +13874,7 @@ static enum parse_register_result parse_register_contact(struct sip_pvt *pvt, st
+ 	ast_string_field_build(pvt, our_contact, "<%s>", curi);
+ 
+ 	/* Make sure it's a SIP URL */
+-	if (parse_uri_legacy_check(curi, "sip:,sips:", &curi, NULL, &domain, &transport)) {
++	if (ast_strlen_zero(curi) || parse_uri_legacy_check(curi, "sip:,sips:", &curi, NULL, &domain, &transport)) {
+ 		ast_log(LOG_NOTICE, "Not a valid SIP contact (missing sip:/sips:) trying to use anyway\n");
+ 	}
+ 
+-- 
+1.7.6.4
+
diff --git a/asterisk.spec b/asterisk.spec
index bda1e5d..864d506 100644
--- a/asterisk.spec
+++ b/asterisk.spec
@@ -18,7 +18,7 @@
 Summary: The Open Source PBX
 Name: asterisk
 Version: 10.0.0
-Release: 0.3%{?_rc:.rc%{_rc}}%{?_beta:.beta%{_beta}}%{?dist}
+Release: 0.4%{?_rc:.rc%{_rc}}%{?_beta:.beta%{_beta}}%{?dist}
 License: GPLv2
 Group: Applications/Internet
 URL: http://www.asterisk.org/
@@ -1257,6 +1257,9 @@ fi
 %{_libdir}/asterisk/modules/app_voicemail_plain.so
 
 %changelog
+* Tue Oct 18 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 10.0.0-0.4.beta2
+- Add patch from upstream SVN to fix AST-2011-012
+
 * Fri Oct 14 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 10.0.0-0.3.beta2
 - Patch cleanup day

More information about the scm-commits mailing list