authorMatthew Jordan <mjordan@digium.com>2013-01-02 22:10:32 +0000
committerMatthew Jordan <mjordan@digium.com>2013-01-02 22:10:32 +0000
commit89f9e077d7fce488c1cc0644cc152a6c101aae02 (patch)
treec534373f49f1d4ac03f912832b2d802bef969fda /main/config.c
parent5601f3be43b06363541f585f23ebd8cf29b081c6 (diff)
Prevent crashes from occurring when reading from data sources with large values
When reading configuration data from an Asterisk .conf file or when pulling data from an Asterisk RealTime backend, Asterisk was copying the data on the stack for manipulation. Unfortunately, it is possible to read configuration data or realtime data from some data source that provides a large blob of characters. This could potentially cause a crash via a stack overflow. This patch prevents large sets of data from being read from an ARA backend or from an Asterisk conf file. (issue ASTERISK-20658) Reported by: wdoekes Tested by: wdoekes, mmichelson patches: * issueA20658_dont_process_overlong_config_lines.patch uploaded by wdoekes (license 5674) * issueA20658_func_realtime_limit.patch uploaded by wdoekes (license 5674) ........ Merged revisions 378375 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 378376 from http://svn.asterisk.org/svn/asterisk/branches/11 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@378377 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'main/config.c')
-rw-r--r--main/config.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/main/config.c b/main/config.c
index f56421ee0..cf2b84c72 100644
--- a/main/config.c
+++ b/main/config.c
@@ -1646,6 +1646,17 @@ static struct ast_config *config_text_file_load(const char *database, const char
while (!feof(f)) {
lineno++;
if (fgets(buf, sizeof(buf), f)) {
+ /* Skip lines that are too long */
+ if (strlen(buf) == sizeof(buf) - 1 && buf[sizeof(buf) - 1] != '\n') {
+ ast_log(LOG_WARNING, "Line %d too long, skipping. It begins with: %.32s...\n", lineno, buf);
+ while (fgets(buf, sizeof(buf), f)) {
+ if (strlen(buf) != sizeof(buf) - 1 || buf[sizeof(buf) - 1] == '\n') {
+ break;
+ }
+ }
+ continue;
+ }
+
if (ast_test_flag(&flags, CONFIG_FLAG_WITHCOMMENTS) && lline_buffer && ast_str_strlen(lline_buffer)) {
CB_ADD(&comment_buffer, ast_str_buffer(lline_buffer)); /* add the current lline buffer to the comment buffer */
ast_str_reset(lline_buffer); /* erase the lline buffer */
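Review bot: Both added conditions test `buf[sizeof(buf) - 1]` for a newline, but when `strlen(buf) == sizeof(buf) - 1` that slot holds the NUL terminator and can never be '\n'; the last character fgets() stored is at index `sizeof(buf) - 2`. As written, a line that exactly fills the buffer and ends in a newline is reported as too long, and the drain loop then reads and discards the next, valid line; the drain loop also cannot stop on a full chunk that ends the overlong line. Suggested: `if (strlen(buf) == sizeof(buf) - 1 && buf[sizeof(buf) - 2] != '\n') {` for the outer test and `if (strlen(buf) != sizeof(buf) - 1 || buf[sizeof(buf) - 2] == '\n') {` inside the loop. Because a skipped line is only logged at warning level, a wrongly dropped setting (an ACL or authentication option, for instance) leaves the loader running with a partial configuration, so this is worth a test with lines at the exact buffer boundary. This assumes buf is a char array declared earlier in config_text_file_load, whose body starts and ends outside the hunk.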