-
Sean Bright authored
The HTTP request processing in res_http_websocket allocates additional space on the stack for various headers received during an Upgrade request. An attacker could send a specially crafted request that causes this code to overflow the stack, resulting in a crash. * No longer allocate memory from the stack in a loop to parse the header values. NOTE: There is a slight API change when using the passed in strings as is. We now require the passed in strings to no longer have leading or trailing whitespace. This isn't a problem as the only callers have already done this before passing the strings to the affected function. ASTERISK-28013 #close Change-Id: Ia564825a8a95e085fd17e658cb777fe1afa8091a
Sean Bright authoredThe HTTP request processing in res_http_websocket allocates additional space on the stack for various headers received during an Upgrade request. An attacker could send a specially crafted request that causes this code to overflow the stack, resulting in a crash. * No longer allocate memory from the stack in a loop to parse the header values. NOTE: There is a slight API change when using the passed in strings as is. We now require the passed in strings to no longer have leading or trailing whitespace. This isn't a problem as the only callers have already done this before passing the strings to the affected function. ASTERISK-28013 #close Change-Id: Ia564825a8a95e085fd17e658cb777fe1afa8091a
