Fix remotely exploitable stack overrun in Milliwatt - asterisk.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Matthew Jordan <mjordan@digium.com>	2012-03-15 18:55:54 +0000
committer	Matthew Jordan <mjordan@digium.com>	2012-03-15 18:55:54 +0000
commit	c61d49d5cc592e07208fb6d85ba6e6edae455aff (patch)
tree	69a73cdb1436a4d353bc930caaa3a5fb37e460b5 /CHANGES
parent	31462e7bd6ee617c4e80302e050e0e5c97a7f5eb (diff)

Fix remotely exploitable stack overrun in Milliwatt

Milliwatt is vulnerable to a remotely exploitable stack overrun when using the 'o' option. This occurs due to the milliwatt_generate function not accounting for AST_FRIENDLY_OFFSET when calculating the maximum number of samples it can put in the output buffer. This patch resolves this issue by taking into account AST_FRIENDLY_OFFSET when determining the maximum number of samples allowed. Note that at no point is remote code execution possible. The data that is written into the buffer is the pre-defined Milliwatt data, and not custom data. (closes issue ASTERISK-19541) Reported by: Russell Bryant Tested by: Matt Jordan Patches: milliwatt_stack_overrun.rev1.txt by Russell Bryant (license 6283) Note that this patch was written by Russell, even though Matt uploaded it ........ Merged revisions 359645 from http://svn.asterisk.org/svn/asterisk/branches/1.6.2 ........ Merged revisions 359656 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 359694 from http://svn.asterisk.org/svn/asterisk/branches/10 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@359704 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Diffstat (limited to 'CHANGES')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: