From b9838a9960f8dea04050674e5c72e9f182ddd2f9 Mon Sep 17 00:00:00 2001
From: Corey Farrell <git@cfware.com>
Date: Wed, 4 Jun 2014 07:20:22 +0000
Subject: [PATCH] app_confbridge: Correct verification of conference name
 length
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Conference names were not checked for maximum length, allowing unexpected
behaviour.  This change adds checking to ensure the maximum length is not
exceeded.  The maximum length is also changed from 32 to AST_MAX_EXTENSION.

ASTERISK-23035 #close
Reported by: Iñaki Cívico
Tested by: Iñaki Cívico
Patches:
    confbridge-enforce_max-1.8.patch uploaded by coreyfarrell (license 5909)
    confbridge-enforce_max-11up.patch uploaded by coreyfarrell (license 5909)
........

Merged revisions 415060 from http://svn.asterisk.org/svn/asterisk/branches/1.8


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@415066 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 apps/app_confbridge.c                | 16 +++++++++++-----
 apps/confbridge/include/confbridge.h |  2 +-
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/apps/app_confbridge.c b/apps/app_confbridge.c
index 553e513517..909cb00ac3 100644
--- a/apps/app_confbridge.c
+++ b/apps/app_confbridge.c
@@ -1587,16 +1587,22 @@ static int confbridge_exec(struct ast_channel *chan, const char *data)
 		ast_answer(chan);
 	}
 
-	if (ast_strlen_zero(data)) {
+	/* We need to make a copy of the input string if we are going to modify it! */
+	parse = ast_strdupa(data);
+
+	AST_STANDARD_APP_ARGS(args, parse);
+
+	if (ast_strlen_zero(args.conf_name)) {
 		ast_log(LOG_WARNING, "%s requires an argument (conference name[,options])\n", app);
 		res = -1;
 		goto confbridge_cleanup;
 	}
 
-	/* We need to make a copy of the input string if we are going to modify it! */
-	parse = ast_strdupa(data);
-
-	AST_STANDARD_APP_ARGS(args, parse);
+	if (strlen(args.conf_name) >= MAX_CONF_NAME) {
+		ast_log(LOG_WARNING, "%s does not accept conference names longer than %d\n", app, MAX_CONF_NAME - 1);
+		res = -1;
+		goto confbridge_cleanup;
+	}
 
 	/* bridge profile name */
 	if (args.argc > 1 && !ast_strlen_zero(args.b_profile_name)) {
diff --git a/apps/confbridge/include/confbridge.h b/apps/confbridge/include/confbridge.h
index 6d11c05261..c1f50422cd 100644
--- a/apps/confbridge/include/confbridge.h
+++ b/apps/confbridge/include/confbridge.h
@@ -31,7 +31,7 @@
 #include "conf_state.h"
 
 /* Maximum length of a conference bridge name */
-#define MAX_CONF_NAME 32
+#define MAX_CONF_NAME AST_MAX_EXTENSION
 /* Maximum length of a conference pin */
 #define MAX_PIN     80
 
-- 
GitLab