diff options
| author | Matthew Jordan <mjordan@digium.com> | 2013-01-02 15:39:42 +0000 |
|---|---|---|
| committer | Matthew Jordan <mjordan@digium.com> | 2013-01-02 15:39:42 +0000 |
| commit | 1fb06fde957fb466388c764384c2e14698e2dc15 (patch) | |
| tree | e21651a29686d658d8dde28c54ddec92946497aa /channels/sip/include | |
| parent | 2db81d7fc263ba609bd310b13abbbd8e0d3e3b82 (diff) | |
Resolve crashes due to large stack allocations when using TCP
Asterisk had several places where messages received over various network
transports may be copied in a single stack allocation. In the case of TCP,
since multiple packets in a stream may be concatenated together, this can
lead to large allocations that overflow the stack.
This patch modifies those portions of Asterisk using TCP to either
favor heap allocations or use an upper bound to ensure that the stack will not
overflow:
* For SIP, the allocation now has an upper limit
* For HTTP, the allocation is now a heap allocation instead of a stack
allocation
* For XMPP (in res_jabber), the allocation has been eliminated since it was
unnecesary.
Note that the HTTP portion of this issue was independently found by Brandon
Edwards of Exodus Intelligence.
(issue ASTERISK-20658)
Reported by: wdoekes, Brandon Edwards
Tested by: mmichelson, wdoekes
patches:
ASTERISK-20658_res_jabber.c.patch uploaded by mmichelson (license 5049)
issueA20658_http_postvars_use_malloc2.patch uploaded by wdoekes (license 5674)
issueA20658_limit_sip_packet_size3.patch uploaded by wdoekes (license 5674)
........
Merged revisions 378269 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........
Merged revisions 378286 from http://svn.asterisk.org/svn/asterisk/branches/10
........
Merged revisions 378287 from http://svn.asterisk.org/svn/asterisk/branches/11
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@378288 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'channels/sip/include')
| -rw-r--r-- | channels/sip/include/sip.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/channels/sip/include/sip.h b/channels/sip/include/sip.h index 9a818553b..f51ac7749 100644 --- a/channels/sip/include/sip.h +++ b/channels/sip/include/sip.h @@ -101,6 +101,7 @@ #define SIP_MAX_HEADERS 64 /*!< Max amount of SIP headers to read */ #define SIP_MAX_LINES 256 /*!< Max amount of lines in SIP attachment (like SDP) */ +#define SIP_MAX_PACKET_SIZE 20480 /*!< Max SIP packet size */ #define SIP_MIN_PACKET 4096 /*!< Initialize size of memory to allocate for packets */ #define MAX_HISTORY_ENTRIES 50 /*!< Max entires in the history list for a sip_pvt */ |