From 868be02a2f33e77473ceebe89023af51a2459404 Mon Sep 17 00:00:00 2001
From: Richard Mudgett <rmudgett@digium.com>
Date: Tue, 27 Aug 2013 16:51:08 +0000
Subject: [PATCH] Fix uninitialized value in struct ast_control_pvt_cause_code
 usage. ........

Merged revisions 397744 from http://svn.asterisk.org/svn/asterisk/branches/11
........

Merged revisions 397745 from http://svn.asterisk.org/svn/asterisk/branches/12


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@397746 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 channels/chan_dahdi.c | 1 +
 channels/chan_iax2.c  | 1 +
 channels/chan_motif.c | 8 ++++----
 channels/chan_sip.c   | 1 +
 channels/sig_analog.c | 1 +
 channels/sig_pri.c    | 1 +
 channels/sig_ss7.c    | 1 +
 7 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/channels/chan_dahdi.c b/channels/chan_dahdi.c
index b4078b15f3..957ad6fed3 100644
--- a/channels/chan_dahdi.c
+++ b/channels/chan_dahdi.c
@@ -3686,6 +3686,7 @@ static void dahdi_r2_on_call_disconnect(openr2_chan_t *r2chan, openr2_call_disco
 	snprintf(cause_str, sizeof(cause_str), "R2 DISCONNECT (%s)", openr2_proto_get_disconnect_string(cause));
 	datalen += strlen(cause_str);
 	cause_code = ast_alloca(datalen);
+	memset(cause_code, 0, datalen);
 	cause_code->ast_cause = dahdi_r2_cause_to_ast_cause(cause);
 	ast_copy_string(cause_code->chan_name, ast_channel_name(p->owner), AST_CHANNEL_NAME);
 	ast_copy_string(cause_code->code, cause_str, datalen + 1 - sizeof(*cause_code));
diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c
index 1b910a14a0..1984fc7985 100644
--- a/channels/chan_iax2.c
+++ b/channels/chan_iax2.c
@@ -9996,6 +9996,7 @@ static int socket_process_helper(struct iax2_thread *thread)
 		data_size += strlen(subclass);
 
 		cause_code = ast_alloca(data_size);
+		memset(cause_code, 0, data_size);
 		ast_copy_string(cause_code->chan_name, ast_channel_name(iaxs[fr->callno]->owner), AST_CHANNEL_NAME);
 
 		cause_code->ast_cause = ies.causecode;
diff --git a/channels/chan_motif.c b/channels/chan_motif.c
index c77d0c0d2d..72118ce104 100644
--- a/channels/chan_motif.c
+++ b/channels/chan_motif.c
@@ -2532,7 +2532,8 @@ static void jingle_action_session_terminate(struct jingle_endpoint *endpoint, st
 
 		/* Size of the string making up the cause code is "Motif " + text */
 		data_size += 6 + strlen(iks_name(text));
-		cause_code = ast_malloc(data_size);
+		cause_code = ast_alloca(data_size);
+		memset(cause_code, 0, data_size);
 
 		/* Get the appropriate cause code mapping for this reason */
 		for (i = 0; i < ARRAY_LEN(jingle_reason_mappings); i++) {
@@ -2546,7 +2547,8 @@ static void jingle_action_session_terminate(struct jingle_endpoint *endpoint, st
 		snprintf(cause_code->code, data_size - sizeof(*cause_code) + 1, "Motif %s", iks_name(text));
 	} else {
 		/* No technology specific information is available */
-		cause_code = ast_malloc(data_size);
+		cause_code = ast_alloca(data_size);
+		memset(cause_code, 0, data_size);
 	}
 
 	ast_copy_string(cause_code->chan_name, ast_channel_name(chan), AST_CHANNEL_NAME);
@@ -2554,8 +2556,6 @@ static void jingle_action_session_terminate(struct jingle_endpoint *endpoint, st
 	ast_queue_control_data(chan, AST_CONTROL_PVT_CAUSE_CODE, cause_code, data_size);
 	ast_channel_hangupcause_hash_set(chan, cause_code, data_size);
 
-	ast_free(cause_code);
-
 	ast_debug(3, "Hanging up channel '%s' due to session terminate message with cause '%d'\n", ast_channel_name(chan), cause);
 	ast_queue_hangup_with_cause(chan, cause);
 	session->gone = 1;
diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index e4596a892f..58ee175c54 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -27987,6 +27987,7 @@ static int handle_incoming(struct sip_pvt *p, struct sip_request *req, struct as
 				/* size of the string making up the cause code is "SIP " + cause length */
 				data_size += 4 + strlen(REQ_OFFSET_TO_STR(req, rlpart2));
 				cause_code = ast_alloca(data_size);
+				memset(cause_code, 0, data_size);
 
 				ast_copy_string(cause_code->chan_name, ast_channel_name(p->owner), AST_CHANNEL_NAME);
 
diff --git a/channels/sig_analog.c b/channels/sig_analog.c
index c7885403f4..d1ed673786 100644
--- a/channels/sig_analog.c
+++ b/channels/sig_analog.c
@@ -2715,6 +2715,7 @@ static struct ast_frame *__analog_handle_event(struct analog_pvt *p, struct ast_
 		subclass = analog_event2str(res);
 		data_size += strlen(subclass);
 		cause_code = ast_alloca(data_size);
+		memset(cause_code, 0, data_size);
 		cause_code->ast_cause = AST_CAUSE_NORMAL_CLEARING;
 		ast_copy_string(cause_code->chan_name, ast_channel_name(ast), AST_CHANNEL_NAME);
 		snprintf(cause_code->code, data_size - sizeof(*cause_code) + 1, "ANALOG %s", subclass);
diff --git a/channels/sig_pri.c b/channels/sig_pri.c
index b6a04b67fa..a6d134e1b3 100644
--- a/channels/sig_pri.c
+++ b/channels/sig_pri.c
@@ -1404,6 +1404,7 @@ static void pri_queue_pvt_cause_data(struct sig_pri_span *pri, int chanpos, cons
 	if (chan) {
 		int datalen = sizeof(*cause_code) + strlen(cause);
 		cause_code = ast_alloca(datalen);
+		memset(cause_code, 0, datalen);
 		cause_code->ast_cause = ast_cause;
 		ast_copy_string(cause_code->chan_name, ast_channel_name(chan), AST_CHANNEL_NAME);
 		ast_copy_string(cause_code->code, cause, datalen + 1 - sizeof(*cause_code));
diff --git a/channels/sig_ss7.c b/channels/sig_ss7.c
index d5a92c332c..baf152d4e9 100644
--- a/channels/sig_ss7.c
+++ b/channels/sig_ss7.c
@@ -411,6 +411,7 @@ static void ss7_queue_pvt_cause_data(struct ast_channel *owner, const char *caus
 	int datalen = sizeof(*cause_code) + strlen(cause);
 
 	cause_code = ast_alloca(datalen);
+	memset(cause_code, 0, datalen);
 	cause_code->ast_cause = ast_cause;
 	ast_copy_string(cause_code->chan_name, ast_channel_name(owner), AST_CHANNEL_NAME);
 	ast_copy_string(cause_code->code, cause, datalen + 1 - sizeof(*cause_code));
-- 
GitLab