skip dialplan args with bad char sequences

git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@16882 d0543943-73ff-0310-b7d9-9358b9ac24b2

skip dialplan args with bad char sequences
git-svn-id: http://svn.freeswitch.org/svn/freeswitch/trunk@16882 d0543943-73ff-0310-b7d9-9358b9ac24b2
9819eed5 · Brian West · 4a9fc2c7 · 9819eed5 · 9819eed5 · 9819eed5
--- a/src/include/switch_mprintf.h
+++ b/src/include/switch_mprintf.h
@@ -57,6 +57,7 @@ SWITCH_BEGIN_EXTERN_C
 */
 SWITCH_DECLARE(char *) switch_mprintf(const char *zFormat, ...);
 SWITCH_DECLARE(char *) switch_vmprintf(const char *zFormat, va_list ap);
+SWITCH_DECLARE(char *) switch_snprintfv(char *zBuf, int n, const char *zFormat, ...);
 SWITCH_END_EXTERN_C
 #endif /* SWITCH_MPRINTF_H */
--- a/src/include/switch_utils.h
+++ b/src/include/switch_utils.h
@@ -104,7 +104,7 @@ static inline int switch_string_has_escaped_data(const char *in)
 	while (i && *i == '\\') {
 		i++;
-		if (*i == '\\' || *i == 'n' || *i == 's' || *i == 't') {
+		if (*i == '\\' || *i == 'n' || *i == 's' || *i == 't' || *i == '\'') {
 			return 1;
 		}
 		i = strchr(i, '\\');

--- a/src/switch_caller.c
+++ b/src/switch_caller.c
@@ -415,6 +415,13 @@ SWITCH_DECLARE(void) switch_caller_extension_add_application_printf(switch_core_
 	va_end(ap);
 	if (data) {
+		char *p;
+		if ((p = strstr(data, "\\'"))) {
+			switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "App not added, Invalid character sequence in data string [%s]\n", data);
+			free(data);
+			return;
+		}
 		switch_caller_extension_add_application(session, caller_extension, application_name, data);
 		free(data);
 	}
@@ -426,12 +433,22 @@ SWITCH_DECLARE(void) switch_caller_extension_add_application(switch_core_session
 															 const char *application_data)
 {
 	switch_caller_application_t *caller_application = NULL;
+	char *p;
 	switch_assert(session != NULL);
 	if ((caller_application = switch_core_session_alloc(session, sizeof(switch_caller_application_t))) != 0) {
 		caller_application->application_name = switch_core_session_strdup(session, application_name);
 		caller_application->application_data = switch_core_session_strdup(session, application_data);
+		if ((p = strstr(caller_application->application_data, "\\'"))) {
+			switch_log_printf(SWITCH_CHANNEL_LOG, SWITCH_LOG_WARNING, "App not added, Invalid character sequence in data string [%s]\n", 
+							  caller_application->application_data);
+			return;
+		}
 		if (!caller_extension->applications) {
 			caller_extension->applications = caller_application;
 		} else if (caller_extension->last_application) {

--- a/src/switch_channel.c
+++ b/src/switch_channel.c
@@ -2438,6 +2438,9 @@ SWITCH_DECLARE(char *) switch_channel_expand_variables(switch_channel_t *channel
 				if (*(p + 1) == '$') {
 					nv = 1;
 					p++;
+				} else if (*(p + 1) == '\'') {
+					p++;
+					continue;
 				} else if (*(p + 1) == '\\') {
 					*c++ = *p++;
 					len++;

--- a/src/switch_event.c
+++ b/src/switch_event.c
@@ -1395,6 +1395,9 @@ SWITCH_DECLARE(char *) switch_event_expand_headers(switch_event_t *event, const
 				if (*(p + 1) == '$') {
 					nv = 1;
 					p++;
+				} else if (*(p + 1) == '\'') {
+					p++;
+					continue;
 				} else if (*(p + 1) == '\\') {
 					*c++ = *p++;
 					len++;

--- a/src/switch_mprintf.c
+++ b/src/switch_mprintf.c
@@ -871,30 +871,6 @@ static void *printf_realloc(void *old, int size)
 	return realloc(old, size);
 }
-/*
-** Print into memory. Use the internal %-conversion extensions.
-*/
-SWITCH_DECLARE(char *) switch_vmprintf(const char *zFormat, va_list ap)
-{
-	char zBase[SWITCH_PRINT_BUF_SIZE];
-	return base_vprintf(printf_realloc, 1, zBase, sizeof(zBase), zFormat, ap);
-}
-/*
-** Print into memory. Use the internal %-conversion extensions.
-*/
-SWITCH_DECLARE(char *) switch_mprintf(const char *zFormat, ...)
-{
-	va_list ap;
-	char *z;
-	char zBase[SWITCH_PRINT_BUF_SIZE];
-	va_start(ap, zFormat);
-	z = base_vprintf(printf_realloc, 1, zBase, sizeof(zBase), zFormat, ap);
-	va_end(ap);
-	return z;
-}
-#ifdef __UNUSED__
 /*
 ** Print into memory. Omit the internal %-conversion extensions.
 */
@@ -924,7 +900,7 @@ SWITCH_DECLARE(char *) switch_mprintf(const char *zFormat, ...)
 ** are not able to use a "," as the decimal point in place of "." as
 ** specified by some locales.
 */
-SWITCH_DECLARE(char *) switch_snprintf(int n, char *zBuf, const char *zFormat, ...)
+SWITCH_DECLARE(char *) switch_snprintfv(char *zBuf, int n, const char *zFormat, ...)
 {
 	char *z;
 	va_list ap;
@@ -934,4 +910,4 @@ SWITCH_DECLARE(char *) switch_snprintf(int n, char *zBuf, const char *zFormat, .
 	va_end(ap);
 	return z;
 }
-#endif