Merged revisions 294989 via svnmerge from

https://origsvn.digium.com/svn/asterisk/branches/1.8 ................ r294989 | tilghman | 2010-11-15 01:44:38 -0600 (Mon, 15 Nov 2010) | 15 lines Merged revisions 294988 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.6.2 ........ r294988 | tilghman | 2010-11-15 01:42:39 -0600 (Mon, 15 Nov 2010) | 8 lines It is possible to crash Asterisk by feeding the curl engine invalid data. (closes issue #18161) Reported by: wdoekes Patches: 20101029__issue18161.diff.txt uploaded by tilghman (license 14) Tested by: tilghman ........ ................ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@294990 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Merged revisions 294989 via svnmerge from
53357354 · Tilghman Lesher · 6751c4f2 · 53357354
Commit 53357354 authored 14 years ago by Tilghman Lesher
--- a/funcs/func_curl.c
+++ b/funcs/func_curl.c
@@ -529,8 +529,11 @@ static int acf_curl_helper(struct ast_channel *chan, const char *cmd, char *info
 			struct ast_str *fields = ast_str_create(ast_str_strlen(str) / 2);
 			struct ast_str *values = ast_str_create(ast_str_strlen(str) / 2);
 			int rowcount = 0;
-			while ((piece = strsep(&remainder, "&"))) {
+			while (fields && values && (piece = strsep(&remainder, "&"))) {
 				char *name = strsep(&piece, "=");
+				if (!piece) {
+					piece = "";
+				}
 				ast_uri_decode(piece);
 				ast_uri_decode(name);
 				ast_str_append(&fields, 0, "%s%s", rowcount ? "," : "", name);