From 1486e84aa294817d80ebf7b00981ff0418ad5465 Mon Sep 17 00:00:00 2001 From: Andrey Volk Date: Fri, 1 Nov 2019 00:05:40 +0400 Subject: [PATCH] [Core] Fix dereference of null pointer in switch_ivr_originate and switch_ivr_enterprise_originate causing crashes, add unit test. --- Freeswitch.2017.sln | 15 ++ src/switch_ivr_originate.c | 7 +- tests/unit/switch_ivr_originate.c | 23 ++ .../test_switch_ivr_originate.2017.vcxproj | 203 ++++++++++++++++++ 4 files changed, 246 insertions(+), 2 deletions(-) create mode 100644 tests/unit/test_switch_ivr_originate.2017.vcxproj diff --git a/Freeswitch.2017.sln b/Freeswitch.2017.sln index c324093a86..adad7bc73e 100644 --- a/Freeswitch.2017.sln +++ b/Freeswitch.2017.sln @@ -588,6 +588,8 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mod_mariadb", "src\mod\data EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "test_switch_core_db", "tests\unit\test_switch_core_db.2017.vcxproj", "{580675D7-C1C9-4197-AAC5-00F64FAFDE78}" EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "test_switch_ivr_originate", "tests\unit\test_switch_ivr_originate.2017.vcxproj", "{69A7464A-9B0D-4804-A108-835229DACF58}" +EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution All|Win32 = All|Win32 @@ -2703,6 +2705,18 @@ Global {580675D7-C1C9-4197-AAC5-00F64FAFDE78}.Release|Win32.Build.0 = Release|Win32 {580675D7-C1C9-4197-AAC5-00F64FAFDE78}.Release|x64.ActiveCfg = Release|x64 {580675D7-C1C9-4197-AAC5-00F64FAFDE78}.Release|x64.Build.0 = Release|x64 + {69A7464A-9B0D-4804-A108-835229DACF58}.All|Win32.ActiveCfg = Release|Win32 + {69A7464A-9B0D-4804-A108-835229DACF58}.All|Win32.Build.0 = Release|Win32 + {69A7464A-9B0D-4804-A108-835229DACF58}.All|x64.ActiveCfg = Release|x64 + {69A7464A-9B0D-4804-A108-835229DACF58}.All|x64.Build.0 = Release|x64 + {69A7464A-9B0D-4804-A108-835229DACF58}.Debug|Win32.ActiveCfg = Debug|Win32 + {69A7464A-9B0D-4804-A108-835229DACF58}.Debug|Win32.Build.0 = Debug|Win32 + {69A7464A-9B0D-4804-A108-835229DACF58}.Debug|x64.ActiveCfg = Debug|x64 + {69A7464A-9B0D-4804-A108-835229DACF58}.Debug|x64.Build.0 = Debug|x64 + {69A7464A-9B0D-4804-A108-835229DACF58}.Release|Win32.ActiveCfg = Release|Win32 + {69A7464A-9B0D-4804-A108-835229DACF58}.Release|Win32.Build.0 = Release|Win32 + {69A7464A-9B0D-4804-A108-835229DACF58}.Release|x64.ActiveCfg = Release|x64 + {69A7464A-9B0D-4804-A108-835229DACF58}.Release|x64.Build.0 = Release|x64 EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE @@ -2916,6 +2930,7 @@ Global {1BA65811-5453-46F6-8190-9ECEEFEB7DF2} = {31C2761D-20E0-4BF8-98B9-E32F0D8DD6E1} {0B612F84-7533-4DEC-AEDD-5C9CBCF15EAC} = {31C2761D-20E0-4BF8-98B9-E32F0D8DD6E1} {580675D7-C1C9-4197-AAC5-00F64FAFDE78} = {9388C266-C3FC-468A-92EF-0CBC35941412} + {69A7464A-9B0D-4804-A108-835229DACF58} = {9388C266-C3FC-468A-92EF-0CBC35941412} EndGlobalSection GlobalSection(ExtensibilityGlobals) = postSolution SolutionGuid = {09840DE7-9208-45AA-9667-1A71EE93BD1E} diff --git a/src/switch_ivr_originate.c b/src/switch_ivr_originate.c index c34767d99a..9e9ebdb19c 100644 --- a/src/switch_ivr_originate.c +++ b/src/switch_ivr_originate.c @@ -1587,7 +1587,7 @@ SWITCH_DECLARE(switch_status_t) switch_ivr_enterprise_originate(switch_core_sess /* extract channel variables, allowing multiple sets of braces */ switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_DEBUG, "Parsing ultra-global variables\n"); - while (*data == '<') { + while (data && *data == '<') { char *parsed = NULL; if (switch_event_create_brackets(data, '<', '>', ',', &var_event, &parsed, SWITCH_FALSE) != SWITCH_STATUS_SUCCESS || !parsed) { @@ -2742,7 +2742,10 @@ SWITCH_DECLARE(switch_status_t) switch_ivr_originate(switch_core_session_t *sess end = NULL; - chan_type = peer_names[i]; + if (!(chan_type = peer_names[i])) { + switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_ERROR, "Empty dial string\n"); + switch_goto_status(SWITCH_STATUS_FALSE, done); + } /* strip leading spaces */ diff --git a/tests/unit/switch_ivr_originate.c b/tests/unit/switch_ivr_originate.c index 8cbdfa2a9d..1354e3b921 100644 --- a/tests/unit/switch_ivr_originate.c +++ b/tests/unit/switch_ivr_originate.c @@ -197,6 +197,29 @@ FST_CORE_BEGIN("./conf") switch_dial_handle_destroy(&dh); } FST_TEST_END(); + + FST_TEST_BEGIN(originate_test_empty_dial_string) + { + switch_core_session_t *session = NULL; + switch_channel_t *channel = NULL; + switch_status_t status; + switch_call_cause_t cause; + switch_dial_handle_t *dh; + switch_dial_leg_list_t *ll; + switch_dial_leg_t *leg = NULL; + + switch_dial_handle_create(&dh); + switch_dial_handle_add_leg_list(dh, &ll); + + /* Dial string is NULL */ + switch_dial_leg_list_add_leg(ll, &leg, NULL); + + status = switch_ivr_originate(NULL, &session, &cause, NULL, 0, NULL, NULL, NULL, NULL, NULL, SOF_NONE, NULL, dh); + fst_check(status == SWITCH_STATUS_FALSE); + + switch_dial_handle_destroy(&dh); + } + FST_TEST_END() } FST_SUITE_END() } diff --git a/tests/unit/test_switch_ivr_originate.2017.vcxproj b/tests/unit/test_switch_ivr_originate.2017.vcxproj new file mode 100644 index 0000000000..c0dfd1a281 --- /dev/null +++ b/tests/unit/test_switch_ivr_originate.2017.vcxproj @@ -0,0 +1,203 @@ + + + + + Debug + Win32 + + + Debug + x64 + + + Release + Win32 + + + Release + x64 + + + + test_switch_ivr_originate + test_switch_ivr_originate + Win32Proj + 10.0.17134.0 + {69A7464A-9B0D-4804-A108-835229DACF58} + + + + Application + MultiByte + v141 + + + Application + MultiByte + v141 + + + Application + MultiByte + v141 + + + Application + MultiByte + v141 + + + + + + + + + + + + + + + + + + + + + + + <_ProjectFileVersion>10.0.30319.1 + $(SolutionDir)$(PlatformName)\$(Configuration)\ + $(PlatformName)\$(Configuration)\ + false + $(SolutionDir)$(PlatformName)\$(Configuration)\ + $(Platform)\$(Configuration)\ + false + $(SolutionDir)$(PlatformName)\$(Configuration)\ + $(PlatformName)\$(Configuration)\ + false + $(SolutionDir)$(Platform)\$(Configuration)\ + $(Platform)\$(Configuration)\ + false + + + + $(SolutionDir)src\include;%(AdditionalIncludeDirectories) + SWITCH_TEST_BASE_DIR_FOR_CONF="..\\..\\tests\\unit\\";%(PreprocessorDefinitions) + + + + + + Disabled + WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + EnableFastChecks + MultiThreadedDebugDLL + + + Level4 + ProgramDatabase + true + 6031;6340;6246;6011;6387;%(DisableSpecificWarnings) + + + $(OutDir);%(AdditionalLibraryDirectories) + true + Console + true + + + MachineX86 + + + + + + X64 + + + Disabled + WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + true + EnableFastChecks + MultiThreadedDebugDLL + + + Level4 + ProgramDatabase + true + 6031;6340;6246;6011;6387;%(DisableSpecificWarnings) + + + $(OutDir);%(AdditionalLibraryDirectories) + true + Console + true + + + MachineX64 + + + + + + WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + MultiThreadedDLL + + + Level4 + ProgramDatabase + 6031;6340;6246;6011;6387;%(DisableSpecificWarnings) + + + $(OutDir);%(AdditionalLibraryDirectories) + false + Console + true + true + true + + + MachineX86 + + + + + + X64 + + + WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + MultiThreadedDLL + + + Level4 + ProgramDatabase + 6031;6340;6246;6011;6387;%(DisableSpecificWarnings) + + + $(OutDir);%(AdditionalLibraryDirectories) + false + Console + true + true + true + + + MachineX64 + + + + + + + + {202d7a4e-760d-4d0e-afa1-d7459ced30ff} + + + + + + \ No newline at end of file