From eb2aded25c185437ad219dfa07d8f1a5d1775b42 Mon Sep 17 00:00:00 2001
From: Richard Mudgett <rmudgett@digium.com>
Date: Mon, 23 Jun 2014 16:04:33 +0000
Subject: [PATCH] core_unreal: Fix off by one buffer overwrite error.

Appending the ;2 to the user supplied ;1 uniqueid to create the ;2 version
if the user did not also supply an extra uniqueid for the ;2 channel
resulted in allocating a buffer that was one byte too small.

* Fix off by one error in ast_unreal_new_channels() when generating the ;2
uniqueid from the user suppled ;1 version.

* Pulled some long assignment lines from if tests to improve line break
readability in ast_unreal_new_channels().
........

Merged revisions 417119 from http://svn.asterisk.org/svn/asterisk/branches/12


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@417120 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 main/core_unreal.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/main/core_unreal.c b/main/core_unreal.c
index 481ed2d0cc..c9afa5194e 100644
--- a/main/core_unreal.c
+++ b/main/core_unreal.c
@@ -911,7 +911,7 @@ struct ast_channel *ast_unreal_new_channels(struct ast_unreal_pvt *p,
 	if (id1.uniqueid && ast_strlen_zero(id2.uniqueid)) {
 		char *uniqueid2;
 
-		uniqueid2 = ast_alloca(strlen(id1.uniqueid) + 2);
+		uniqueid2 = ast_alloca(strlen(id1.uniqueid) + 3);
 		strcpy(uniqueid2, id1.uniqueid);/* Safe */
 		strcat(uniqueid2, ";2");/* Safe */
 		id2.uniqueid = uniqueid2;
@@ -924,9 +924,10 @@ struct ast_channel *ast_unreal_new_channels(struct ast_unreal_pvt *p,
 	 * You can't pass linkedid to both allocations since if linkedid
 	 * isn't set, then each channel will generate its own linkedid.
 	 */
-	if (!(owner = ast_channel_alloc(1, semi1_state, NULL, NULL, NULL,
-			exten, context, &id1, requestor, 0,
-			"%s/%s-%08x;1", tech->type, p->name, (unsigned)generated_seqno))) {
+	owner = ast_channel_alloc(1, semi1_state, NULL, NULL, NULL,
+		exten, context, &id1, requestor, 0,
+		"%s/%s-%08x;1", tech->type, p->name, (unsigned)generated_seqno);
+	if (!owner) {
 		ast_log(LOG_WARNING, "Unable to allocate owner channel structure\n");
 		return NULL;
 	}
@@ -964,9 +965,10 @@ struct ast_channel *ast_unreal_new_channels(struct ast_unreal_pvt *p,
 	p->owner = owner;
 	ast_channel_unlock(owner);
 
-	if (!(chan = ast_channel_alloc(1, semi2_state, NULL, NULL, NULL,
-			exten, context, &id2, owner, 0,
-			"%s/%s-%08x;2", tech->type, p->name, (unsigned)generated_seqno))) {
+	chan = ast_channel_alloc(1, semi2_state, NULL, NULL, NULL,
+		exten, context, &id2, owner, 0,
+		"%s/%s-%08x;2", tech->type, p->name, (unsigned)generated_seqno);
+	if (!chan) {
 		ast_log(LOG_WARNING, "Unable to allocate chan channel structure\n");
 		ao2_ref(p, -1);
 		ast_channel_tech_pvt_set(owner, NULL);
-- 
GitLab