2.9 KiB
Change Log for Release asterisk-18.20.1
Links:
Summary:
- res_pjsip_header_funcs: Duplicate new header value, don't copy.
- res_pjsip: disable raw bad packet logging
- res_rtp_asterisk.c: Check DTLS packets against ICE candidate list
- manager.c: Prevent path traversal with GetConfig.
User Notes:
Upgrade Notes:
Closed Issues:
None
Commits By Author:
-
Ben Ford (1):
- manager.c: Prevent path traversal with GetConfig.
-
George Joseph (1):
- res_rtp_asterisk.c: Check DTLS packets against ICE candidate list
-
Gitea (1):
- res_pjsip_header_funcs: Duplicate new header value, don't copy.
-
Mike Bradeen (1):
- res_pjsip: disable raw bad packet logging
Detail:
-
res_pjsip_header_funcs: Duplicate new header value, don't copy.
Author: Gitea
Date: 2023-07-10When updating an existing header the 'update' code incorrectly just copied the new value into the existing buffer. If the new value exceeded the available buffer size memory outside of the buffer would be written into, potentially causing a crash.
This change makes it so that the 'update' now duplicates the new header value instead of copying it into the existing buffer.
-
res_pjsip: disable raw bad packet logging
Author: Mike Bradeen
Date: 2023-07-25Add patch to split the log level for invalid packets received on the signaling port. The warning regarding the packet will move to level 2 so that it can still be displayed, while the raw packet will be at level 4.
-
res_rtp_asterisk.c: Check DTLS packets against ICE candidate list
Author: George Joseph
Date: 2023-11-09When ICE is in use, we can prevent a possible DOS attack by allowing DTLS protocol messages (client hello, etc) only from sources that are in the active remote candidates list.
Resolves: GHSA-hxj9-xwr8-w8pq
-
manager.c: Prevent path traversal with GetConfig.
Author: Ben Ford
Date: 2023-11-13When using AMI GetConfig, it was possible to access files outside of the Asterisk configuration directory by using filenames with ".." and "./" even while live_dangerously was not enabled. This change resolves the full path and ensures we are still in the configuration directory before attempting to access the file.