Matthew Jordan
authored
When reading configuration data from an Asterisk .conf file or when pulling data from an Asterisk RealTime backend, Asterisk was copying the data on the stack for manipulation. Unfortunately, it is possible to read configuration data or realtime data from some data source that provides a large blob of characters. This could potentially cause a crash via a stack overflow. This patch prevents large sets of data from being read from an ARA backend or from an Asterisk conf file. (issue ASTERISK-20658) Reported by: wdoekes Tested by: wdoekes, mmichelson patches: * issueA20658_dont_process_overlong_config_lines.patch uploaded by wdoekes (license 5674) * issueA20658_func_realtime_limit.patch uploaded by wdoekes (license 5674) ........ Merged revisions 378375 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 378376 from http://svn.asterisk.org/svn/asterisk/branches/11 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@378377 65c4cc65-6c06-0410-ace0-fbb531ad65f3