asterisk/main
Matthew Jordan 89f9e077d7 Prevent crashes from occurring when reading from data sources with large values
When reading configuration data from an Asterisk .conf file or when pulling
data from an Asterisk RealTime backend, Asterisk was copying the data on the
stack for manipulation. Unfortunately, it is possible to read configuration
data or realtime data from some data source that provides a large blob of
characters. This could potentially cause a crash via a stack overflow.

This patch prevents large sets of data from being read from an ARA backend or
from an Asterisk conf file.

(issue ASTERISK-20658)
Reported by: wdoekes
Tested by: wdoekes, mmichelson
patches:
 * issueA20658_dont_process_overlong_config_lines.patch uploaded by wdoekes (license 5674)
 * issueA20658_func_realtime_limit.patch uploaded by wdoekes (license 5674)
........

Merged revisions 378375 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 378376 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@378377 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2013-01-02 22:10:32 +00:00
editline Enable usage of system-provided NetBSD editline library if available. 2012-07-25 12:21:54 +00:00
stdtime Cleanup core main on exit. 2012-12-03 20:46:11 +00:00
Makefile Make libasteriskssl.so symlink use a relative path. 2012-12-17 20:59:51 +00:00
abstract_jb.c Unit tests for the Jitter Buffer API; remove unnecessary resync 2012-07-23 21:15:26 +00:00
acl.c Trivial patch to make 'best_score' defined for all architectures. 2012-10-07 17:33:38 +00:00
adsi.c Fix crash in unloading of res_adsi module 2012-06-26 13:23:12 +00:00
alaw.c Multiple revisions 369001-369002 2012-06-15 16:20:16 +00:00
aoc.c Cleanup CLI commands on exit for several files. 2012-12-11 22:03:23 +00:00
app.c core: Fix a memory leak in app.c from an early return 2012-10-22 20:19:51 +00:00
ast_expr2.c Allow the REALTIME() function to report errors back to the caller. 2012-07-11 17:16:50 +00:00
ast_expr2.fl Avoid cppcheck warnings; removing unused vars and a bit of cleanup. 2012-04-17 18:57:40 +00:00
ast_expr2.h Allow the REALTIME() function to report errors back to the caller. 2012-07-11 17:16:50 +00:00
ast_expr2.y Multiple revisions 360356-360357 2012-03-24 02:42:42 +00:00
ast_expr2f.c Doxygen Updates - janitor work 2012-09-21 17:14:59 +00:00
asterisk.c Add UUID support to Asterisk. 2012-12-11 21:04:45 +00:00
asterisk.dynamics Remove the old stub files, preferring the optional_api method. 2010-07-14 20:48:59 +00:00
asterisk.exports.in Add new config-parsing framework 2012-06-01 16:33:25 +00:00
astfd.c Doxygen Updates Janitor Work 2012-09-22 20:43:30 +00:00
astmm.c MALLOC_DEBUG: Only wait if we want atexit allocation dumps. 2012-12-07 23:45:15 +00:00
astobj2.c Add red-black tree container type to astobj2. 2012-11-21 18:33:16 +00:00
audiohook.c Doxygen Updates Janitor Work 2012-09-22 20:43:30 +00:00
autochan.c Multiple revisions 369001-369002 2012-06-15 16:20:16 +00:00
autoservice.c Hangup handlers - Dialplan subroutines that run when the channel hangs up. 2012-06-29 17:02:32 +00:00
bridging.c Fix bridging thread leak. 2012-07-06 15:31:52 +00:00
buildinfo.c fix a few small things found by using sparse 2008-10-30 16:49:02 +00:00
callerid.c Allow for redirecting reasons to be set to arbitrary strings. 2012-09-25 19:29:14 +00:00
ccss.c Prevent exhaustion of system resources through exploitation of event cache 2013-01-02 18:11:59 +00:00
cdr.c Cleanup CDR resources on exit. 2012-12-03 18:45:18 +00:00
cel.c Cleanup CLI commands on exit for several files. 2012-12-11 22:03:23 +00:00
channel.c Prevent exhaustion of system resources through exploitation of event cache 2013-01-02 18:11:59 +00:00
channel_internal_api.c Prevent exhaustion of system resources through exploitation of event cache 2013-01-02 18:11:59 +00:00
chanvars.c Multiple revisions 369001-369002 2012-06-15 16:20:16 +00:00
cli.c Cleanup CLI resources on exit and CLI command registration errors. 2012-12-03 19:17:24 +00:00
config.c Prevent crashes from occurring when reading from data sources with large values 2013-01-02 22:10:32 +00:00
config_options.c Fix a variety of ref counting issues 2012-10-02 01:47:16 +00:00
cygload.c Kill off red blobs in most of main/* 2012-03-22 19:51:16 +00:00
data.c Cleanup CLI commands on exit for several files. 2012-12-11 22:03:23 +00:00
datastore.c Multiple revisions 369001-369002 2012-06-15 16:20:16 +00:00
db.c Properly finalize prepared SQLite3 statements to prevent memory leak 2012-11-04 01:19:43 +00:00
devicestate.c Prevent exhaustion of system resources through exploitation of event cache 2013-01-02 18:11:59 +00:00
dial.c Multiple revisions 369001-369002 2012-06-15 16:20:16 +00:00
dns.c Multiple revisions 369001-369002 2012-06-15 16:20:16 +00:00
dnsmgr.c Cleanup dnsmgr on exit. 2012-12-11 00:37:01 +00:00
dsp.c Doxygen Updates - Title update 2012-10-18 14:17:40 +00:00
ecdisa.h Kill off red blobs in most of main/* 2012-03-22 19:51:16 +00:00
enum.c Doxygen Updates - Title update 2012-10-18 14:17:40 +00:00
event.c Prevent exhaustion of system resources through exploitation of event cache 2013-01-02 18:11:59 +00:00
features.c Fix AMI redirect action with two channels failing to redirect both channels. 2013-01-02 21:23:16 +00:00
file.c Cleanup CLI commands on exit for several files. 2012-12-11 22:03:23 +00:00
fixedjitterbuf.c Multiple revisions 369001-369002 2012-06-15 16:20:16 +00:00
fixedjitterbuf.h Kill off red blobs in most of main/* 2012-03-22 19:51:16 +00:00
format.c Remove init_framer(). It no longer does anything. 2012-12-05 02:23:10 +00:00
format_cap.c Multiple revisions 369001-369002 2012-06-15 16:20:16 +00:00
format_pref.c Things don't need to be that const. 2012-11-02 21:01:33 +00:00
frame.c Rewrite a comment that didn't adequately explain the code it was documenting. 2012-07-24 16:54:26 +00:00
framehook.c Multiple revisions 369001-369002 2012-06-15 16:20:16 +00:00
fskmodem.c Multiple revisions 369001-369002 2012-06-15 16:20:16 +00:00
fskmodem_float.c Multiple revisions 369001-369002 2012-06-15 16:20:16 +00:00
fskmodem_int.c Multiple revisions 369001-369002 2012-06-15 16:20:16 +00:00
global_datastores.c Multiple revisions 369001-369002 2012-06-15 16:20:16 +00:00
hashtab.c Multiple revisions 369001-369002 2012-06-15 16:20:16 +00:00
heap.c Multiple revisions 369001-369002 2012-06-15 16:20:16 +00:00
http.c Resolve crashes due to large stack allocations when using TCP 2013-01-02 15:39:42 +00:00
image.c Cleanup CLI commands on exit for several files. 2012-12-11 22:03:23 +00:00
indications.c Cleanup indications on exit. 2012-12-11 02:13:37 +00:00
io.c Multiple revisions 369001-369002 2012-06-15 16:20:16 +00:00
jitterbuf.c Multiple revisions 369001-369002 2012-06-15 16:20:16 +00:00
libasteriskssl.c Resolve memory leaks in TLS initialization and TLS client connections 2012-09-14 19:53:43 +00:00
libasteriskssl.exports.in Address OpenSSL initialization issues when using third-party libraries. 2012-01-30 21:21:16 +00:00
loader.c Fix potential double free when unloading a module. 2012-12-17 23:10:42 +00:00
lock.c Re-initialize logmsgs mutex upon logger initialization to prevent lock errors 2012-11-23 00:02:23 +00:00
logger.c Cleanup logger on exit. 2012-12-11 02:44:53 +00:00
manager.c Fix AMI redirect action with two channels failing to redirect both channels. 2013-01-02 21:23:16 +00:00
md5.c md5: suppress some compiler warnings. 2012-04-28 01:33:49 +00:00
message.c Update documentation for MessageSend application/command's From field for XMPP 2012-10-06 01:47:00 +00:00
named_acl.c Minor code cleanup in named_acl.c. 2012-12-06 15:13:37 +00:00
netsock.c Multiple revisions 369001-369002 2012-06-15 16:20:16 +00:00
netsock2.c Fix NULL pointer segfault in ast_sockaddr_parse() 2012-06-20 02:07:00 +00:00
pbx.c Cleanup pbx on exit. 2012-12-11 20:05:32 +00:00
plc.c Multiple revisions 369001-369002 2012-06-15 16:20:16 +00:00
poll.c Merged revisions 285268 via svnmerge from 2010-09-07 19:09:08 +00:00
presencestate.c Multiple revisions 369001-369002 2012-06-15 16:20:16 +00:00
privacy.c Multiple revisions 369001-369002 2012-06-15 16:20:16 +00:00
rtp_engine.c Multiple revisions 375993-375994 2012-11-07 19:15:26 +00:00
say.c Fix saying of date in Dutch. 2012-09-25 23:10:22 +00:00
sched.c Multiple revisions 369001-369002 2012-06-15 16:20:16 +00:00
security_events.c Fix most leftover non-opaque ast_str uses. 2012-11-19 20:03:56 +00:00
sha1.c Doxygen Updates - janitor work 2012-09-21 17:14:59 +00:00
sip_api.c Don't make chan_sip export global symbols. 2012-10-11 15:49:02 +00:00
slinfactory.c Multiple revisions 369001-369002 2012-06-15 16:20:16 +00:00
srv.c Multiple revisions 369001-369002 2012-06-15 16:20:16 +00:00
strcompat.c Clean up and ensure proper usage of alloca() 2012-07-31 20:21:43 +00:00
strings.c Doxygen Updates - janitor work 2012-09-21 17:14:59 +00:00
stun.c Cleanup CLI commands on exit for several files. 2012-12-11 22:03:23 +00:00
syslog.c Multiple revisions 369001-369002 2012-06-15 16:20:16 +00:00
taskprocessor.c Re-add taskprocessor cleanup code that was removed by the UUID merge. 2012-12-13 15:40:03 +00:00
tcptls.c Ensure Asterisk fails TCP/TLS SIP calls when certificate checking fails 2012-10-17 19:01:27 +00:00
tdd.c Doxygen Updates - janitor work 2012-09-21 17:14:59 +00:00
term.c Multiple revisions 369001-369002 2012-06-15 16:20:16 +00:00
test.c Add red-black tree container type to astobj2. 2012-11-21 18:33:16 +00:00
threadstorage.c Clean up and ensure proper usage of alloca() 2012-07-31 20:21:43 +00:00
timing.c Cleanup CLI commands on exit for several files. 2012-12-11 22:03:23 +00:00
translate.c Revert 378248. I changed the logic of this function unintentionally, pointed out by file. 2013-01-01 17:10:42 +00:00
udptl.c Cleanup udptl on exit. 2012-12-11 21:22:45 +00:00
ulaw.c Multiple revisions 369001-369002 2012-06-15 16:20:16 +00:00
utils.c Remove compile time check HAVE_DEV_URANDOM. 2012-12-13 16:18:52 +00:00
uuid.c Add UUID support to Asterisk. 2012-12-11 21:04:45 +00:00
xml.c Multiple revisions 369001-369002 2012-06-15 16:20:16 +00:00
xmldoc.c Improve documentation by making all of the colors used readable, 2012-12-10 01:41:50 +00:00