From 6288af5ef19b1d081b6ea0d2aed0ca19c9a77671 Mon Sep 17 00:00:00 2001
From: Mark Lipscombe <mlipscombe@gmail.com>
Date: Wed, 4 Nov 2015 17:33:11 +1100
Subject: [PATCH] FS-8413: Segfault calling session:getVariable(nil) in lua
 script

script calling session:getVariable() with a null variable
name will cause FreeSWITCH to segfault.

This change checks whether varname parameter to
switch_channel_get_variable_dup is non-NULL.
---
 src/switch_channel.c | 46 +++++++++++++++++++++++---------------------
 1 file changed, 24 insertions(+), 22 deletions(-)

diff --git a/src/switch_channel.c b/src/switch_channel.c
index fc587b8b20..5d21a4d7a7 100644
--- a/src/switch_channel.c
+++ b/src/switch_channel.c
@@ -944,32 +944,34 @@ SWITCH_DECLARE(const char *) switch_channel_get_variable_dup(switch_channel_t *c
 
 	switch_mutex_lock(channel->profile_mutex);
 
-	if (channel->scope_variables) {
-		switch_event_t *ep;
+	if (!zstr(varname)) {
+		if (channel->scope_variables) {
+			switch_event_t *ep;
 
-		for (ep = channel->scope_variables; ep; ep = ep->next) {
-			if ((v = switch_event_get_header_idx(ep, varname, idx))) {
-				break;
-			}
-		}
-	}
-
-	if (!v && (!channel->variables || !(v = switch_event_get_header_idx(channel->variables, varname, idx)))) {
-		switch_caller_profile_t *cp = switch_channel_get_caller_profile(channel);
-
-		if (cp) {
-			if (!strncmp(varname, "aleg_", 5)) {
-				cp = cp->originator_caller_profile;
-				varname += 5;
-			} else if (!strncmp(varname, "bleg_", 5)) {
-				cp = cp->originatee_caller_profile;
-				varname += 5;
+			for (ep = channel->scope_variables; ep; ep = ep->next) {
+				if ((v = switch_event_get_header_idx(ep, varname, idx))) {
+					break;
+				}
 			}
 		}
 
-		if (!cp || !(v = switch_caller_get_field_by_name(cp, varname))) {
-			if ((vdup = switch_core_get_variable_pdup(varname, switch_core_session_get_pool(channel->session)))) {
-				v = vdup;
+		if (!v && (!channel->variables || !(v = switch_event_get_header_idx(channel->variables, varname, idx)))) {
+			switch_caller_profile_t *cp = switch_channel_get_caller_profile(channel);
+
+			if (cp) {
+				if (!strncmp(varname, "aleg_", 5)) {
+					cp = cp->originator_caller_profile;
+					varname += 5;
+				} else if (!strncmp(varname, "bleg_", 5)) {
+					cp = cp->originatee_caller_profile;
+					varname += 5;
+				}
+			}
+
+			if (!cp || !(v = switch_caller_get_field_by_name(cp, varname))) {
+				if ((vdup = switch_core_get_variable_pdup(varname, switch_core_session_get_pool(channel->session)))) {
+					v = vdup;
+				}
 			}
 		}
 	}