[Home]

Summary:ASTERISK-25893: Function vmauthenticate accesses uninitialized memory
Reporter:Filip Jenicek (phill)Labels:
Date Opened:2016-04-06 06:05:25Date Closed:2017-03-23 15:56:34
Priority:MajorRegression?No
Status:Closed/CompleteComponents:Applications/app_voicemail
Versions:13.7.2 Frequency of
Occurrence
Related
Issues:
Environment:Attachments:
Description:The problem is in function vmauthenticate, on lines
{code}
if (!vm_authenticate(chan, mailbox, sizeof(mailbox), &vmus, context, NULL, skipuser, 3, silent)) {
pbx_builtin_setvar_helper(chan, "AUTH_MAILBOX", mailbox);
pbx_builtin_setvar_helper(chan, "AUTH_CONTEXT", vmus.context);
{code}

If skipuser>0, then vm_authenticate does not fill the vmus variable, because of the condition:
{code}
if (vmu && !skipuser) {
memcpy(res_vmu, vmu, sizeof(struct ast_vm_user));
}
{code}

The result is that AUTH_CONTEXT is set with an uninitialized memory, following errors are logged:
{code}
[06/Apr/2016 04:51:12] asterisk[32621] [C-00000000]json.c:704 in ast_json_vpack: Error building JSON from '{s: s, s: s}': Invalid UTF-8 string.
[06/Apr/2016 04:51:12] asterisk[32621] [C-00000000]stasis_channels.c:774 in ast_channel_publish_varset: Error creating message name=AUTH_CONTEXT value=ެ��
{code}
Comments:By: Asterisk Team (asteriskteam) 2016-04-06 06:05:26.502-0500

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

By: Rusty Newton (rnewton) 2016-04-06 15:30:32.897-0500

Thanks for the report. Do you want to provide a patch on Gerrit[1] to help get a fix in faster?

[1]: https://wiki.asterisk.org/wiki/display/AST/Gerrit+Usage



By: Asterisk Team (asteriskteam) 2016-04-21 12:00:01.047-0500

Suspended due to lack of activity. This issue will be automatically re-opened if the reporter posts a comment. If you are not the reporter and would like this re-opened please create a new issue instead. If the new issue is related to this one a link will be created during the triage process. Further information on issue tracker usage can be found in the Asterisk Issue Guidlines [1].

[1] https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines

By: Friendly Automation (friendly-automation) 2017-02-20 18:15:40.473-0600

Change 5019 merged by zuul:
app_voicemail: vm_authenticate accesses uninitialized memory

[https://gerrit.asterisk.org/5019|https://gerrit.asterisk.org/5019]

By: Friendly Automation (friendly-automation) 2017-02-20 18:20:23.588-0600

Change 5020 merged by zuul:
app_voicemail: vm_authenticate accesses uninitialized memory

[https://gerrit.asterisk.org/5020|https://gerrit.asterisk.org/5020]

By: Friendly Automation (friendly-automation) 2017-02-20 18:30:25.959-0600

Change 5021 merged by zuul:
app_voicemail: vm_authenticate accesses uninitialized memory

[https://gerrit.asterisk.org/5021|https://gerrit.asterisk.org/5021]