[Freeswitch-svn] [commit] r11339 - in freeswitch/trunk/src: . include mod/applications/mod_dptools
FreeSWITCH SVN
anthm at freeswitch.org
Wed Jan 21 13:34:31 PST 2009
Author: anthm
Date: Wed Jan 21 15:34:31 2009
New Revision: 11339
Log:
taint check MODW00T-00
Modified:
freeswitch/trunk/src/include/switch_channel.h
freeswitch/trunk/src/include/switch_utils.h
freeswitch/trunk/src/mod/applications/mod_dptools/mod_dptools.c
freeswitch/trunk/src/switch_caller.c
freeswitch/trunk/src/switch_channel.c
freeswitch/trunk/src/switch_core.c
freeswitch/trunk/src/switch_event.c
Modified: freeswitch/trunk/src/include/switch_channel.h
==============================================================================
--- freeswitch/trunk/src/include/switch_channel.h (original)
+++ freeswitch/trunk/src/include/switch_channel.h Wed Jan 21 15:34:31 2009
@@ -219,12 +219,19 @@
\param value the vaule of the variable
\returns SWITCH_STATUS_SUCCESS if successful
*/
-SWITCH_DECLARE(switch_status_t) switch_channel_set_variable(switch_channel_t *channel, const char *varname, const char *value);
+
+SWITCH_DECLARE(switch_status_t) switch_channel_set_variable_var_check(switch_channel_t *channel,
+ const char *varname, const char *value, switch_bool_t var_check);
SWITCH_DECLARE(switch_status_t) switch_channel_set_variable_printf(switch_channel_t *channel, const char *varname, const char *fmt, ...);
-SWITCH_DECLARE(switch_status_t) switch_channel_set_variable_partner(switch_channel_t *channel, const char *varname, const char *value);
+SWITCH_DECLARE(switch_status_t) switch_channel_set_variable_partner_var_check(switch_channel_t *channel,
+ const char *varname, const char *value, switch_bool_t var_check);
SWITCH_DECLARE(const char *) switch_channel_get_variable_partner(switch_channel_t *channel, const char *varname);
+
+#define switch_channel_set_variable(_channel, _var, _val) switch_channel_set_variable_var_check(_channel, _var, _val, SWITCH_TRUE)
+#define switch_channel_set_variable_partner(_channel, _var, _val) switch_channel_set_variable_partner_var_check(_channel, _var, _val, SWITCH_TRUE)
+
/*!
\brief Retrieve a variable from a given channel
\param channel channel to retrieve variable from
Modified: freeswitch/trunk/src/include/switch_utils.h
==============================================================================
--- freeswitch/trunk/src/include/switch_utils.h (original)
+++ freeswitch/trunk/src/include/switch_utils.h Wed Jan 21 15:34:31 2009
@@ -280,7 +280,32 @@
#define switch_set_string(_dst, _src) switch_copy_string(_dst, _src, sizeof(_dst))
- static inline char *switch_clean_string(char *s)
+static inline switch_bool_t switch_string_var_check(char *s, switch_bool_t disable)
+{
+ char *p;
+ char *dol = NULL;
+
+ for (p = s; p && *p; p++) {
+ if (*p == '$') {
+ dol = p;
+ } else if (dol) {
+ if (*p == '{') {
+ if (disable) {
+ *dol = '%';
+ dol = NULL;
+ } else {
+ return SWITCH_TRUE;
+ }
+ } else if (*p != '\\') {
+ dol = NULL;
+ }
+ }
+ }
+ return SWITCH_FALSE;
+}
+
+
+static inline char *switch_clean_string(char *s)
{
char *p;
for (p = s; p && *p; p++) {
Modified: freeswitch/trunk/src/mod/applications/mod_dptools/mod_dptools.c
==============================================================================
--- freeswitch/trunk/src/mod/applications/mod_dptools/mod_dptools.c (original)
+++ freeswitch/trunk/src/mod/applications/mod_dptools/mod_dptools.c Wed Jan 21 15:34:31 2009
@@ -697,7 +697,7 @@
}
switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_DEBUG, "%s SET [%s]=[%s]\n", switch_channel_get_name(channel), var, expanded ? expanded : "UNDEF");
- switch_channel_set_variable(channel, var, expanded);
+ switch_channel_set_variable_var_check(channel, var, expanded, SWITCH_FALSE);
if (expanded && expanded != val) {
switch_safe_free(expanded);
Modified: freeswitch/trunk/src/switch_caller.c
==============================================================================
--- freeswitch/trunk/src/switch_caller.c (original)
+++ freeswitch/trunk/src/switch_caller.c Wed Jan 21 15:34:31 2009
@@ -34,7 +34,7 @@
#include <switch_caller.h>
#define profile_dup(a,b,p) if (!switch_strlen_zero(a)) { b = switch_core_strdup(p, a); } else { b = SWITCH_BLANK_STRING; }
-#define profile_dup_clean(a,b,p) if (!switch_strlen_zero(a)) { b = switch_clean_string(switch_core_strdup(p, a)); } else { b = SWITCH_BLANK_STRING; }
+#define profile_dup_clean(a,b,p) if (!switch_strlen_zero(a)) { b = switch_clean_string(switch_core_strdup(p, a)); switch_string_var_check( (char *) b , SWITCH_TRUE);} else { b = SWITCH_BLANK_STRING; }
SWITCH_DECLARE(switch_caller_profile_t *) switch_caller_profile_new(switch_memory_pool_t *pool,
const char *username,
Modified: freeswitch/trunk/src/switch_channel.c
==============================================================================
--- freeswitch/trunk/src/switch_channel.c (original)
+++ freeswitch/trunk/src/switch_channel.c Wed Jan 21 15:34:31 2009
@@ -574,7 +574,8 @@
return (!switch_strlen_zero(channel->name)) ? channel->name : "N/A";
}
-SWITCH_DECLARE(switch_status_t) switch_channel_set_variable(switch_channel_t *channel, const char *varname, const char *value)
+SWITCH_DECLARE(switch_status_t) switch_channel_set_variable_var_check(switch_channel_t *channel,
+ const char *varname, const char *value, switch_bool_t var_check)
{
switch_assert(channel != NULL);
@@ -582,7 +583,16 @@
switch_mutex_lock(channel->profile_mutex);
switch_event_del_header(channel->variables, varname);
if (!switch_strlen_zero(value)) {
- switch_event_add_header_string(channel->variables, SWITCH_STACK_BOTTOM, varname, value);
+ int ok = 1;
+
+ if (var_check) {
+ ok = !switch_string_var_check((char *)value, SWITCH_FALSE);
+ }
+ if (ok) {
+ switch_event_add_header_string(channel->variables, SWITCH_STACK_BOTTOM, varname, value);
+ } else {
+ switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_CRIT, "Invalid data (contains a variable)\n");
+ }
}
switch_mutex_unlock(channel->profile_mutex);
return SWITCH_STATUS_SUCCESS;
@@ -623,7 +633,8 @@
}
-SWITCH_DECLARE(switch_status_t) switch_channel_set_variable_partner(switch_channel_t *channel, const char *varname, const char *value)
+SWITCH_DECLARE(switch_status_t) switch_channel_set_variable_partner_var_check(switch_channel_t *channel,
+ const char *varname, const char *value, switch_bool_t var_check)
{
const char *uuid;
switch_assert(channel != NULL);
@@ -633,7 +644,7 @@
switch_core_session_t *session;
if ((session = switch_core_session_locate(uuid))) {
switch_channel_t *tchannel = switch_core_session_get_channel(session);
- switch_channel_set_variable(tchannel, varname, value);
+ switch_channel_set_variable_var_check(tchannel, varname, value, var_check);
switch_core_session_rwunlock(session);
}
return SWITCH_STATUS_SUCCESS;
@@ -1820,7 +1831,6 @@
char *p, *c = NULL;
char *data, *indup, *endof_indup;
size_t sp = 0, len = 0, olen = 0, vtype = 0, br = 0, cpos, block = 128;
- const char *q;
char *cloned_sub_val = NULL, *sub_val = NULL;
char *func_val = NULL;
int nv = 0;
@@ -1829,20 +1839,7 @@
return (char *) in;
}
- q = in;
- while (q && *q) {
- if (!(p = strchr(q, '$'))) {
- break;
- }
-
- if (*(p + 1) != '{') {
- q = p + 1;
- continue;
- }
-
- nv = 1;
- break;
- }
+ nv = switch_string_var_check((char *)in, SWITCH_FALSE);
if (!nv) {
return (char *) in;
Modified: freeswitch/trunk/src/switch_core.c
==============================================================================
--- freeswitch/trunk/src/switch_core.c (original)
+++ freeswitch/trunk/src/switch_core.c Wed Jan 21 15:34:31 2009
@@ -254,7 +254,9 @@
free(val);
}
if (value) {
- switch_core_hash_insert(runtime.global_vars, varname, strdup(value));
+ char *v = strdup(value);
+ switch_string_var_check(v, SWITCH_TRUE);
+ switch_core_hash_insert(runtime.global_vars, varname, v);
} else {
switch_core_hash_delete(runtime.global_vars, varname);
}
Modified: freeswitch/trunk/src/switch_event.c
==============================================================================
--- freeswitch/trunk/src/switch_event.c (original)
+++ freeswitch/trunk/src/switch_event.c Wed Jan 21 15:34:31 2009
@@ -1246,25 +1246,12 @@
char *p, *c = NULL;
char *data, *indup, *endof_indup;
size_t sp = 0, len = 0, olen = 0, vtype = 0, br = 0, cpos, block = 128;
- const char *q, *sub_val = NULL;
+ const char *sub_val = NULL;
char *cloned_sub_val = NULL;
char *func_val = NULL;
int nv = 0;
- q = in;
- while (q && *q) {
- if (!(p = strchr(q, '$'))) {
- break;
- }
-
- if (*(p + 1) != '{') {
- q = p + 1;
- continue;
- }
-
- nv = 1;
- break;
- }
+ nv = switch_string_var_check((char *)in, SWITCH_FALSE);
if (!nv) {
return (char *) in;
More information about the Freeswitch-svn
mailing list