Fix remotely exploitable stack overflow in HTTP manager
There exists a remotely exploitable stack buffer overflow in HTTP digest authentication handling in Asterisk. The particular method in question is only utilized by HTTP AMI. When parsing the digest information, the length of the string is not checked when it is copied into temporary buffers allocated on the stack. This patch fixes this behavior by parsing out pre-defined key/value pairs and avoiding unnecessary copies to the stack.

(closes issue ASTERISK-19542)
Reported by: Russell Bryant
Tested by: Matt Jordan
........
Merged revisions 359706 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 359707 from http://svn.asterisk.org/svn/asterisk/branches/10

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@359708 65c4cc65-6c06-0410-ace0-fbb531ad65f3
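The approach the commit message describes (pick out pre-defined key/value pairs, make no length-unchecked copies into stack buffers) can be sketched as follows. This is an added example, not the Asterisk patch or any Asterisk code; `struct digest_fields` and `digest_parse` are hypothetical names, and exact lower-case key matching is an assumption of the example.

```c
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

/* Hypothetical names for this example; not Asterisk's structures. */
struct digest_fields {
    char *buf;   /* one heap copy, sized from the input itself */
    const char *username, *realm, *nonce, *uri, *response;
};

/* Parse key="value" / key=token pairs. Field pointers refer into d->buf, so
 * no value is copied into a fixed-size buffer. Keys are matched exactly
 * (lower case), an assumption of this example. Returns 0, or -1 on error. */
int digest_parse(const char *hdr, struct digest_fields *d)
{
    static const char *const keys[] = { "username", "realm", "nonce", "uri", "response" };
    const char **slots[] = { &d->username, &d->realm, &d->nonce, &d->uri, &d->response };
    size_t len = strlen(hdr);
    char *p;
    memset(d, 0, sizeof(*d));
    if (!(d->buf = malloc(len + 1)))
        return -1;
    memcpy(d->buf, hdr, len + 1);
    for (p = d->buf; *p; ) {
        char *key, *val, *end;
        while (*p == ',' || isspace((unsigned char)*p))
            p++;
        if (!*p)
            break;
        key = p;
        if (!(p = strchr(p, '=')))
            goto bad;                         /* key without a value */
        *p++ = '\0';
        val = (*p == '"') ? p + 1 : p;
        end = (*p == '"') ? strchr(val, '"') : val + strcspn(val, ", \t");
        if (!end)
            goto bad;                         /* unterminated quoted value */
        p = *end ? end + 1 : end;
        *end = '\0';
        for (size_t i = 0; i < sizeof(keys) / sizeof(keys[0]); i++)
            if (!strcmp(key, keys[i]))
                *slots[i] = val;
    }
    return 0;
bad:
    free(d->buf);
    memset(d, 0, sizeof(*d));
    return -1;
}
```

The caller owns `d->buf` and frees it once the fields are no longer needed; a field absent from the header stays `NULL` and has to be checked before use.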