diff --git a/apps/app_chanspy.c b/apps/app_chanspy.c
index 23b4ab04ed93dd0c5d786413f96975377eb98a66..07cc3d666170a0fe95acc2ebc5b56296f893c92c 100644
--- a/apps/app_chanspy.c
+++ b/apps/app_chanspy.c
@@ -763,12 +763,10 @@ static int common_exec(struct ast_channel *chan, struct ast_flags *flags,
const char *context, const char *mailbox, const char *name_context)
{
char nameprefix[AST_NAME_STRLEN];
- char peer_name[AST_NAME_STRLEN + 5];
char exitcontext[AST_MAX_CONTEXT] = "";
signed char zero_volume = 0;
int waitms;
int res;
- char *ptr;
int num_spyed_upon = 1;
struct ast_channel_iterator *iter = NULL;
@@ -858,7 +856,6 @@ static int common_exec(struct ast_channel *chan, struct ast_flags *flags,
next_channel(iter, autochan, chan), next_autochan = NULL) {
int igrp = !mygroup;
int ienf = !myenforced;
- char *s;
if (autochan->chan == prev) {
ast_autochan_destroy(autochan);
@@ -943,20 +940,30 @@ static int common_exec(struct ast_channel *chan, struct ast_flags *flags,
continue;
}
- strcpy(peer_name, "spy-");
- strncat(peer_name, ast_channel_name(autochan->chan), AST_NAME_STRLEN - 4 - 1);
- ptr = strchr(peer_name, '/');
- *ptr++ = '\0';
- ptr = strsep(&ptr, "-");
-
- for (s = peer_name; s < ptr; s++)
- *s = tolower(*s);
-
if (!ast_test_flag(flags, OPTION_QUIET)) {
+ char peer_name[AST_NAME_STRLEN + 5];
+ char *ptr, *s;
+
+ strcpy(peer_name, "spy-");
+ strncat(peer_name, ast_channel_name(autochan->chan), AST_NAME_STRLEN - 4 - 1);
+ if ((ptr = strchr(peer_name, '/'))) {
+ *ptr++ = '\0';
+ for (s = peer_name; s < ptr; s++) {
+ *s = tolower(*s);
+ }
+ if ((s = strchr(ptr, '-'))) {
+ *s = '\0';
+ }
+ }
+
if (ast_test_flag(flags, OPTION_NAME)) {
const char *local_context = S_OR(name_context, "default");
const char *local_mailbox = S_OR(mailbox, ptr);
- res = ast_app_sayname(chan, local_mailbox, local_context);
+ if (local_mailbox) {
+ res = ast_app_sayname(chan, local_mailbox, local_context);
+ } else {
+ res = -1;
+ }
}
if (!ast_test_flag(flags, OPTION_NAME) || res < 0) {
int num;
@@ -974,7 +981,7 @@ static int common_exec(struct ast_channel *chan, struct ast_flags *flags,
res = ast_say_character_str(chan, peer_name, "", ast_channel_language(chan));
}
}
- if ((num = atoi(ptr))) {
+ if (ptr && (num = atoi(ptr))) {
ast_say_digits(chan, num, "", ast_channel_language(chan));
}
}
diff --git a/apps/app_followme.c b/apps/app_followme.c
index 99fb38f43ff68fb71ef35d341f030261fad28dbf..10d165acac995258ccba95f31ef1eeb07af93a68 100644
--- a/apps/app_followme.c
+++ b/apps/app_followme.c
@@ -904,6 +904,10 @@ static void findmeexec(struct fm_args *tpargs)
struct findme_user_listptr *findme_user_list;
findme_user_list = ast_calloc(1, sizeof(*findme_user_list));
+ if (!findme_user_list) {
+ ast_log(LOG_WARNING, "Failed to allocate memory for findme_user_list\n");
+ return;
+ }
AST_LIST_HEAD_INIT_NOLOCK(findme_user_list);
/* We're going to figure out what the longest possible string of digits to collect is */
diff --git a/apps/app_stack.c b/apps/app_stack.c
index 355591e74f1239d274fe7ec3d793ed25ed7f5ce1..eca3e8398a79997306b1dc7618a90ba60fafd9b5 100644
--- a/apps/app_stack.c
+++ b/apps/app_stack.c
@@ -764,8 +764,15 @@ static int handle_gosub(struct ast_channel *chan, AGI *agi, int argc, const char
struct ast_pbx *pbx = ast_channel_pbx(chan);
struct ast_pbx_args args;
struct ast_datastore *stack_store = ast_channel_datastore_find(chan, &stack_info, NULL);
- AST_LIST_HEAD(,gosub_stack_frame) *oldlist = stack_store->data;
- struct gosub_stack_frame *cur = AST_LIST_FIRST(oldlist);
+ AST_LIST_HEAD(,gosub_stack_frame) *oldlist;
+ struct gosub_stack_frame *cur;
+ if (!stack_store) {
+ ast_log(LOG_WARNING, "No GoSub stack remaining after AGI GoSub execution.\n");
+ ast_free(gosub_args);
+ return RESULT_FAILURE;
+ }
+ oldlist = stack_store->data;
+ cur = AST_LIST_FIRST(oldlist);
cur->is_agi = 1;
memset(&args, 0, sizeof(args));
diff --git a/apps/app_voicemail.c b/apps/app_voicemail.c
index 0f9cad5d803637a0046f0275c3b78bc96ff49105..54b199a0b9bbb46f1dc69120fbefc94cc28681f4 100644
--- a/apps/app_voicemail.c
+++ b/apps/app_voicemail.c
@@ -11724,6 +11724,10 @@ static void mwi_unsub_event_cb(const struct ast_event *event, void *userdata)
if (ast_event_get_ie_uint(event, AST_EVENT_IE_EVENTTYPE) != AST_EVENT_MWI)
return;
+ if (!uniqueid) {
+ ast_log(LOG_ERROR, "Unable to allocate memory for uniqueid\n");
+ return;
+ }
u = ast_event_get_ie_uint(event, AST_EVENT_IE_UNIQUEID);
*uniqueid = u;
if (ast_taskprocessor_push(mwi_subscription_tps, handle_unsubscribe, uniqueid) < 0) {
diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c
index acc585372a2e57cb12377cc0aab6071f91bee5eb..baee946f2a6667a83ccbbfd925ab3bc80fd82194 100644
--- a/channels/chan_iax2.c
+++ b/channels/chan_iax2.c
@@ -13060,6 +13060,11 @@ static int set_config(const char *config_file, int reload)
ast_config_destroy(ucfg);
return 0;
}
+ if (!cfg) {
+ /* should have been able to load the config here */
+ ast_log(LOG_ERROR, "Unable to load config %s again\n", config_file);
+ return -1;
+ }
} else if (cfg == CONFIG_STATUS_FILEINVALID) {
ast_log(LOG_ERROR, "Config file %s is in an invalid format. Aborting.\n", config_file);
return 0;
@@ -13937,7 +13942,9 @@ static int function_iaxpeer(struct ast_channel *chan, const char *cmd, char *dat
} else if (!strncasecmp(colname, "codec[", 6)) {
char *codecnum, *ptr;
struct ast_format tmpfmt;
- codecnum = strchr(colname, '[');
+
+ /* skip over "codec" to the '[' */
+ codecnum = colname + 5;
*codecnum = '\0';
codecnum++;
if ((ptr = strchr(codecnum, ']'))) {
diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index 8579a96389b7006cf7c5f2ef66c48e4a4e357721..71ca637fc0bc757d52a9060b40def09e0c02a3b3 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -15775,7 +15775,9 @@ static int get_rdnis(struct sip_pvt *p, struct sip_request *oreq, char **name, c
char *end_quote;
rname = tmp + 1;
end_quote = strchr(rname, '\"');
- *end_quote = '\0';
+ if (end_quote) {
+ *end_quote = '\0';
+ }
}
if (number) {
@@ -25219,6 +25221,7 @@ static int cc_esc_publish_handler(struct sip_pvt *pvt, struct sip_request *req,
* document earlier. So there's no need to enclose this operation in an if statement.
*/
tuple_children = ast_xml_node_get_children(tuple_node);
+ /* coverity[null_returns: FALSE] */
status_node = ast_xml_find_element(tuple_children, "status", NULL, NULL);
if (!(status_children = ast_xml_node_get_children(status_node))) {
@@ -25550,7 +25553,8 @@ static int handle_request_subscribe(struct sip_pvt *p, struct sip_request *req,
struct sip_peer *authpeer = NULL;
const char *eventheader = sip_get_header(req, "Event"); /* Get Event package name */
int resubscribe = (p->subscribed != NONE) && !req->ignore;
- char *temp, *event;
+ char *event_end;
+ ptrdiff_t event_len = 0;
if (p->initreq.headers) {
/* We already have a dialog */
@@ -25612,13 +25616,10 @@ static int handle_request_subscribe(struct sip_pvt *p, struct sip_request *req,
return 0;
}
- if ( (strchr(eventheader, ';'))) {
- event = ast_strdupa(eventheader); /* Since eventheader is a const, we can't change it */
- temp = strchr(event, ';');
- *temp = '\0'; /* Remove any options for now */
- /* We might need to use them later :-) */
- } else
- event = (char *) eventheader; /* XXX is this legal ? */
+ event_end = strchr(eventheader, ';');
+ if (event_end) {
+ event_len = event_end - eventheader;
+ }
/* Handle authentication if we're new and not a retransmission. We can't just
* use if !req->ignore, because then we'll end up sending
@@ -25657,7 +25658,7 @@ static int handle_request_subscribe(struct sip_pvt *p, struct sip_request *req,
return 0;
}
- if (strcmp(event, "message-summary") && strcmp(event, "call-completion")) {
+ if (strncmp(eventheader, "message-summary", MAX(event_len, 15)) && strncmp(eventheader, "call-completion", MAX(event_len, 15))) {
/* Get destination right away */
gotdest = get_destination(p, NULL, NULL);
}
@@ -25683,7 +25684,7 @@ static int handle_request_subscribe(struct sip_pvt *p, struct sip_request *req,
if (ast_strlen_zero(p->tag))
make_our_tag(p->tag, sizeof(p->tag));
- if (!strcmp(event, "presence") || !strcmp(event, "dialog")) { /* Presence, RFC 3842 */
+ if (!strncmp(eventheader, "presence", MAX(event_len, 8)) || !strncmp(eventheader, "dialog", MAX(event_len, 6))) { /* Presence, RFC 3842 */
unsigned int pidf_xml;
const char *accept;
int start = 0;
@@ -25761,7 +25762,7 @@ static int handle_request_subscribe(struct sip_pvt *p, struct sip_request *req,
} else {
p->subscribed = subscribed;
}
- } else if (!strcmp(event, "message-summary")) {
+ } else if (!strncmp(eventheader, "message-summary", MAX(event_len, 15))) {
int start = 0;
int found_supported = 0;
const char *acceptheader;
@@ -25826,11 +25827,11 @@ static int handle_request_subscribe(struct sip_pvt *p, struct sip_request *req,
p->relatedpeer = sip_ref_peer(authpeer, "setting dialog's relatedpeer pointer");
}
/* Do not release authpeer here */
- } else if (!strcmp(event, "call-completion")) {
+ } else if (!strncmp(eventheader, "call-completion", MAX(event_len, 15))) {
handle_cc_subscribe(p, req);
} else { /* At this point, Asterisk does not understand the specified event */
transmit_response(p, "489 Bad Event", req);
- ast_debug(2, "Received SIP subscribe for unknown event package: %s\n", event);
+ ast_debug(2, "Received SIP subscribe for unknown event package: %s\n", eventheader);
pvt_set_needdestroy(p, "unknown event package");
if (authpeer) {
sip_unref_peer(authpeer, "sip_unref_peer, from handle_request_subscribe (authpeer 5)");
@@ -28525,32 +28526,42 @@ static struct sip_peer *build_peer(const char *name, struct ast_variable *v, str
} else if (!strcasecmp(v->name, "fromuser")) {
ast_string_field_set(peer, fromuser, v->value);
} else if (!strcasecmp(v->name, "outboundproxy")) {
- char *tok, *proxyname;
+ char *host, *proxyname, *sep;
if (ast_strlen_zero(v->value)) {
- ast_log(LOG_WARNING, "no value given for outbound proxy on line %d of sip.conf.", v->lineno);
+ ast_log(LOG_WARNING, "no value given for outbound proxy on line %d of sip.conf\n", v->lineno);
continue;
}
- peer->outboundproxy =
- ao2_alloc(sizeof(*peer->outboundproxy), NULL);
-
- tok = ast_skip_blanks(strtok(ast_strdupa(v->value), ","));
-
- sip_parse_host(tok, v->lineno, &proxyname,
- &peer->outboundproxy->port,
- &peer->outboundproxy->transport);
+ if (!peer->outboundproxy) {
+ peer->outboundproxy = ao2_alloc(sizeof(*peer->outboundproxy), NULL);
+ if (!peer->outboundproxy) {
+ ast_log(LOG_WARNING, "Unable to allocate config storage for outboundproxy\n");
+ continue;
+ }
+ }
- tok = ast_skip_blanks(strtok(ast_strdupa(v->value), ","));
+ host = ast_strdupa(v->value);
+ if (!host) {
+ ast_log(LOG_WARNING, "Unable to allocate stack space for parsing outboundproxy\n");
+ continue;
+ }
- if ((tok = strtok(NULL, ","))) {
- peer->outboundproxy->force = !strncasecmp(ast_skip_blanks(tok), "force", 5);
+ host = ast_skip_blanks(host);
+ sep = strchr(host, ',');
+ if (sep) {
+ *sep++ = '\0';
+ peer->outboundproxy->force = !strncasecmp(ast_skip_blanks(sep), "force", 5);
} else {
peer->outboundproxy->force = FALSE;
}
+ sip_parse_host(host, v->lineno, &proxyname,
+ &peer->outboundproxy->port,
+ &peer->outboundproxy->transport);
+
if (ast_strlen_zero(proxyname)) {
- ast_log(LOG_WARNING, "you must specify a name for the outboundproxy on line %d of sip.conf.", v->lineno);
+ ast_log(LOG_WARNING, "you must specify a name for the outboundproxy on line %d of sip.conf\n", v->lineno);
sip_cfg.outboundproxy.name[0] = '\0';
continue;
}
@@ -29141,6 +29152,11 @@ static int reload_config(enum channelreloadreason reason)
ast_config_destroy(ucfg);
return 1;
}
+ if (!cfg) {
+ /* should have been able to reload here */
+ ast_log(LOG_NOTICE, "Unable to load config %s\n", config);
+ return -1;
+ }
} else if (cfg == CONFIG_STATUS_FILEINVALID) {
ast_log(LOG_ERROR, "Contents of %s are invalid and cannot be parsed\n", config);
return 1;
@@ -29557,27 +29573,34 @@ static int reload_config(enum channelreloadreason reason)
default_fromdomainport = STANDARD_SIP_PORT;
}
} else if (!strcasecmp(v->name, "outboundproxy")) {
- char *tok, *proxyname;
+ char *host, *proxyname, *sep;
if (ast_strlen_zero(v->value)) {
- ast_log(LOG_WARNING, "no value given for outbound proxy on line %d of sip.conf.", v->lineno);
+ ast_log(LOG_WARNING, "no value given for outbound proxy on line %d of sip.conf\n", v->lineno);
continue;
}
- tok = ast_skip_blanks(strtok(ast_strdupa(v->value), ","));
-
- sip_parse_host(tok, v->lineno, &proxyname,
- &sip_cfg.outboundproxy.port,
- &sip_cfg.outboundproxy.transport);
+ host = ast_strdupa(v->value);
+ if (!host) {
+ ast_log(LOG_WARNING, "Unable to allocate stack space for parsing outboundproxy\n");
+ continue;
+ }
- if ((tok = strtok(NULL, ","))) {
- sip_cfg.outboundproxy.force = !strncasecmp(ast_skip_blanks(tok), "force", 5);
+ host = ast_skip_blanks(host);
+ sep = strchr(host, ',');
+ if (sep) {
+ *sep++ = '\0';
+ sip_cfg.outboundproxy.force = !strncasecmp(ast_skip_blanks(sep), "force", 5);
} else {
sip_cfg.outboundproxy.force = FALSE;
}
+ sip_parse_host(host, v->lineno, &proxyname,
+ &sip_cfg.outboundproxy.port,
+ &sip_cfg.outboundproxy.transport);
+
if (ast_strlen_zero(proxyname)) {
- ast_log(LOG_WARNING, "you must specify a name for the outboundproxy on line %d of sip.conf.", v->lineno);
+ ast_log(LOG_WARNING, "you must specify a name for the outboundproxy on line %d of sip.conf\n", v->lineno);
sip_cfg.outboundproxy.name[0] = '\0';
continue;
}
diff --git a/channels/sip/config_parser.c b/channels/sip/config_parser.c
index 55695e5455d9a7a246f451c58725ccf734ad0f0b..4a03189f6cea070ca39ad0a65faf6de9db326aef 100644
--- a/channels/sip/config_parser.c
+++ b/channels/sip/config_parser.c
@@ -638,6 +638,7 @@ int sip_parse_host(char *line, int lineno, char **hostname, int *portnum, enum s
char *port;
if (ast_strlen_zero(line)) {
+ *hostname = NULL;
return -1;
}
if ((*hostname = strstr(line, "://"))) {
diff --git a/funcs/func_aes.c b/funcs/func_aes.c
index c176f486351eeec2ff6e4df827029578828a5334..2e1959cd8fb02dc5a7d5b641495c2e73187958f4 100644
--- a/funcs/func_aes.c
+++ b/funcs/func_aes.c
@@ -114,6 +114,10 @@ static int aes_helper(struct ast_channel *chan, const char *cmd, char *data,
ast_aes_set_encrypt_key((unsigned char *) args.key, &ecx); /* encryption: plaintext -> encryptedtext -> base64 */
ast_aes_set_decrypt_key((unsigned char *) args.key, &dcx); /* decryption: base64 -> encryptedtext -> plaintext */
tmp = ast_calloc(1, len); /* requires a tmp buffer for the base64 decode */
+ if (!tmp) {
+ ast_log(LOG_ERROR, "Unable to allocate memory for data\n");
+ return -1;
+ }
tmpP = tmp;
encrypt = strcmp("AES_DECRYPT", cmd); /* -1 if encrypting, 0 if decrypting */
diff --git a/main/config.c b/main/config.c
index d4429b4abe4529a0bc6f1fb25fb17fc37fa70593..a143927af0fda1344598b016c6c35731e2f21beb 100644
--- a/main/config.c
+++ b/main/config.c
@@ -2121,6 +2121,10 @@ int read_config_maps(void)
clear_config_maps();
configtmp = ast_config_new();
+ if (!configtmp) {
+ ast_log(LOG_ERROR, "Unable to allocate memory for new config\n");
+ return -1;
+ }
configtmp->max_include_level = 1;
config = ast_config_internal_load(extconfig_conf, configtmp, flags, "", "extconfig");
if (config == CONFIG_STATUS_FILEINVALID) {
diff --git a/main/features.c b/main/features.c
index d9489592bd549308f38fe452a83d62f5ebcb0480..db6f1f36657e5f98be9b23c2cc58c05c549cd348 100644
--- a/main/features.c
+++ b/main/features.c
@@ -5961,7 +5961,7 @@ static struct ast_parkinglot *build_parkinglot(const char *pl_name, struct ast_v
static void process_applicationmap_line(struct ast_variable *var)
{
char *tmp_val = ast_strdupa(var->value);
- char *activateon;
+ char *activateon, *new_syn;
struct ast_call_feature *feature;
AST_DECLARE_APP_ARGS(args,
AST_APP_ARG(exten);
@@ -5972,10 +5972,10 @@ static void process_applicationmap_line(struct ast_variable *var)
);
AST_STANDARD_APP_ARGS(args, tmp_val);
- if (strchr(args.app, '(')) {
+ if ((new_syn = strchr(args.app, '('))) {
/* New syntax */
args.moh_class = args.app_args;
- args.app_args = strchr(args.app, '(');
+ args.app_args = new_syn;
*args.app_args++ = '\0';
if (args.app_args[strlen(args.app_args) - 1] == ')') {
args.app_args[strlen(args.app_args) - 1] = '\0';
diff --git a/pbx/pbx_config.c b/pbx/pbx_config.c
index 22ea1d7107db6dcf77150c9bc007b8907138eca0..6ab54656ae38120b101c0766b5ccb1887c2f69a2 100644
--- a/pbx/pbx_config.c
+++ b/pbx/pbx_config.c
@@ -733,6 +733,11 @@ static char *handle_cli_dialplan_save(struct ast_cli_entry *e, int cmd, struct a
snprintf(filename, sizeof(filename), "%s%s%s", base, slash, config);
cfg = ast_config_load("extensions.conf", config_flags);
+ if (!cfg) {
+ ast_cli(a->fd, "Failed to load extensions.conf\n");
+ ast_mutex_unlock(&save_dialplan_lock);
+ return CLI_FAILURE;
+ }
/* try to lock contexts list */
if (ast_rdlock_contexts()) {