diff options
Diffstat (limited to 'net-misc/asterisk/files/asterisk-13.38.2-r2-func_odbc_minargs-ARGC.patch')
-rw-r--r-- | net-misc/asterisk/files/asterisk-13.38.2-r2-func_odbc_minargs-ARGC.patch | 180 |
1 files changed, 180 insertions, 0 deletions
diff --git a/net-misc/asterisk/files/asterisk-13.38.2-r2-func_odbc_minargs-ARGC.patch b/net-misc/asterisk/files/asterisk-13.38.2-r2-func_odbc_minargs-ARGC.patch new file mode 100644 index 000000000000..db3817b5242b --- /dev/null +++ b/net-misc/asterisk/files/asterisk-13.38.2-r2-func_odbc_minargs-ARGC.patch @@ -0,0 +1,180 @@ +From d847f7e8f8736e5f51fd11df2992fac87131c1d8 Mon Sep 17 00:00:00 2001 +From: Jaco Kroon <jaco@uls.co.za> +Date: Wed, 17 Feb 2021 22:51:17 +0200 +Subject: [PATCH] func_odbc: Introduce minargs config and expose ARGC in + addition to ARGn. + +minargs enables enforcing of minimum count of arguments to pass to +func_odbc, so if you're unconditionally using ARG1 through ARG4 then +this should be set to 4. func_odbc will generate an error in this case, +so for example + +[FOO] +minargs = 4 + +and ODBC_FOO(a,b,c) in dialplan will now error out instead of using a +potentially leaked ARG4 from Gosub(). + +ARGC is needed if you're using optional argument, to verify whether or +not an argument has been passed, else it's possible to use a leaked ARGn +from Gosub (app_stack). So now you can safely do +${IF($[${ARGC}>3]?${ARGV}:default value)} kind of thing. + +Change-Id: I6ca0b137d90b03f6aa9c496991f6cbf1518f6c24 +Signed-off-by: Jaco Kroon <jaco@uls.co.za> +--- + configs/samples/func_odbc.conf.sample | 11 +++++++ + .../func_odbc_ARGC_minargs.txt | 20 ++++++++++++ + funcs/func_odbc.c | 31 +++++++++++++++++-- + 3 files changed, 60 insertions(+), 2 deletions(-) + create mode 100644 doc/CHANGES-staging/func_odbc_ARGC_minargs.txt + +diff --git a/configs/samples/func_odbc.conf.sample b/configs/samples/func_odbc.conf.sample +index c467f7ec06..b825974ea7 100644 +--- a/configs/samples/func_odbc.conf.sample ++++ b/configs/samples/func_odbc.conf.sample +@@ -23,6 +23,10 @@ + ; For substitution, you have ${ARG1}, ${ARG2} ... ${ARGn} + ; for the arguments to each SQL statement. + ; ++; Additionally you can use ${ARGC} to determine the number of arguments that ++; was actually passed (or risk using leaked ARGn variables from the channel). ++; Also reference the minargs configuration option. ++; + ; In addition, for write statements, you have ${VAL1}, ${VAL2} ... ${VALn} + ; parsed, just like arguments, for the values. In addition, if you want the + ; whole value, never mind the parsing, you can get that with ${VALUE}. +@@ -87,6 +91,13 @@ + ; These additional rows can be returned by using the name of the + ; function which was called to retrieve the first row as an + ; argument to ODBC_FETCH(). ++; minargs The minimum number of ARGUMENTS that has to be passed to the ++; function. If fewer arguments than this is passed, then the call ++; will fail. It is important to note that unlike Gosub() and friends, ++; func_odbc will not mask out ARGn variables that it's not actively ++; using, as such, without this, it's entirely possible to use say ++; ARG2 from the Gosub() inside func_odbc when the intent was to ++; use an argument passed to func_odbc, but it simply was never passed. + + + ; ODBC_SQL - Allow an SQL statement to be built entirely in the dialplan +diff --git a/doc/CHANGES-staging/func_odbc_ARGC_minargs.txt b/doc/CHANGES-staging/func_odbc_ARGC_minargs.txt +new file mode 100644 +index 0000000000..0984b5022d +--- /dev/null ++++ b/doc/CHANGES-staging/func_odbc_ARGC_minargs.txt +@@ -0,0 +1,20 @@ ++Subject: func_odbc ++ ++Introduce an ARGC variable for func_odbc functions, along with a minargs ++per-function configuration option. ++ ++minargs enables enforcing of minimum count of arguments to pass to ++func_odbc, so if you're unconditionally using ARG1 through ARG4 then ++this should be set to 4. func_odbc will generate an error in this case, ++so for example ++ ++[FOO] ++minargs = 4 ++ ++and ODBC_FOO(a,b,c) in dialplan will now error out instead of using a ++potentially leaked ARG4 from Gosub(). ++ ++ARGC is needed if you're using optional argument, to verify whether or ++not an argument has been passed, else it's possible to use a leaked ARGn ++from Gosub (app_stack). So now you can safely do ++${IF($[${ARGC}>3]?${ARGV}:default value)} kind of thing. +diff --git a/funcs/func_odbc.c b/funcs/func_odbc.c +index 5cc0faaa98..9d6d0fc304 100644 +--- a/funcs/func_odbc.c ++++ b/funcs/func_odbc.c +@@ -120,6 +120,7 @@ struct acf_odbc_query { + char *sql_insert; + unsigned int flags; + int rowlimit; ++ int minargs; + struct ast_custom_function *acf; + }; + +@@ -545,6 +546,14 @@ static int acf_odbc_write(struct ast_channel *chan, const char *cmd, char *s, co + return -1; + } + ++ AST_STANDARD_APP_ARGS(args, s); ++ if (args.argc < query->minargs) { ++ ast_log(LOG_ERROR, "%d arguments supplied to '%s' requiring minimum %d\n", ++ args.argc, cmd, query->minargs); ++ AST_RWLIST_UNLOCK(&queries); ++ return -1; ++ } ++ + if (!chan) { + if (!(chan = ast_dummy_channel_alloc())) { + AST_RWLIST_UNLOCK(&queries); +@@ -578,7 +587,8 @@ static int acf_odbc_write(struct ast_channel *chan, const char *cmd, char *s, co + return -1; + } + +- AST_STANDARD_APP_ARGS(args, s); ++ snprintf(varname, sizeof(varname), "%u", args.argc); ++ pbx_builtin_pushvar_helper(chan, "ARGC", varname); + for (i = 0; i < args.argc; i++) { + snprintf(varname, sizeof(varname), "ARG%d", i + 1); + pbx_builtin_pushvar_helper(chan, varname, args.field[i]); +@@ -603,6 +613,8 @@ static int acf_odbc_write(struct ast_channel *chan, const char *cmd, char *s, co + chan = ast_channel_unref(chan); + } else { + /* Restore prior values */ ++ pbx_builtin_setvar_helper(chan, "ARGC", NULL); ++ + for (i = 0; i < args.argc; i++) { + snprintf(varname, sizeof(varname), "ARG%d", i + 1); + pbx_builtin_setvar_helper(chan, varname, NULL); +@@ -756,6 +768,14 @@ static int acf_odbc_read(struct ast_channel *chan, const char *cmd, char *s, cha + return -1; + } + ++ AST_STANDARD_APP_ARGS(args, s); ++ if (args.argc < query->minargs) { ++ ast_log(LOG_ERROR, "%d arguments supplied to '%s' requiring minimum %d\n", ++ args.argc, cmd, query->minargs); ++ AST_RWLIST_UNLOCK(&queries); ++ return -1; ++ } ++ + if (!chan) { + if (!(chan = ast_dummy_channel_alloc())) { + AST_RWLIST_UNLOCK(&queries); +@@ -768,7 +788,8 @@ static int acf_odbc_read(struct ast_channel *chan, const char *cmd, char *s, cha + ast_autoservice_start(chan); + } + +- AST_STANDARD_APP_ARGS(args, s); ++ snprintf(varname, sizeof(varname), "%u", args.argc); ++ pbx_builtin_pushvar_helper(chan, "ARGC", varname); + for (x = 0; x < args.argc; x++) { + snprintf(varname, sizeof(varname), "ARG%d", x + 1); + pbx_builtin_pushvar_helper(chan, varname, args.field[x]); +@@ -780,6 +801,8 @@ static int acf_odbc_read(struct ast_channel *chan, const char *cmd, char *s, cha + chan = ast_channel_unref(chan); + } else { + /* Restore prior values */ ++ pbx_builtin_setvar_helper(chan, "ARGC", NULL); ++ + for (x = 0; x < args.argc; x++) { + snprintf(varname, sizeof(varname), "ARG%d", x + 1); + pbx_builtin_setvar_helper(chan, varname, NULL); +@@ -1290,6 +1313,10 @@ static int init_acf_query(struct ast_config *cfg, char *catg, struct acf_odbc_qu + sscanf(tmp, "%30d", &((*query)->rowlimit)); + } + ++ if ((tmp = ast_variable_retrieve(cfg, catg, "minargs"))) { ++ sscanf(tmp, "%30d", &((*query)->minargs)); ++ } ++ + (*query)->acf = ast_calloc(1, sizeof(struct ast_custom_function)); + if (!(*query)->acf) { + free_acf_query(*query); +-- +2.26.3 + |