Bug#411293: asterisk-chan-capi: Need a mutex for calls to
capi_{cmsg, message}2str
Ben Hutchings
ben at decadent.org.uk
Sun Mar 4 15:07:53 UTC 2007
On Sat, 2007-03-03 at 22:45 +0100, Moritz Muehlenhoff wrote:
> On Mon, Feb 26, 2007 at 08:38:01AM +0100, Lionel Elie Mamane wrote:
> > On Sun, Feb 25, 2007 at 11:53:09PM +0000, Ben Hutchings wrote:
> > > Lionel Elie Mamane <lionel at mamane.lu> wrote:
> >
> > >> I'm now next to the machine and after some cable fiddling, it seems
> > >> that despite the warning, basic functionality still works; it can
> > >> answer to calls and make calls.
> >
> > > I'm glad to hear that. Did you apply both the isdnutils and
> > > asterisk-chan-capi patches (they are both needed to close the security
> > > hole)?
> >
> > I tested only asterisk-chan-capi, my own recompile of your source
> > package. I tested the sid version.
> >
> > Time permitting, I may give the isdnutils and kernel patches a shot
> > during the week, as well as the sarge version of asterisk-chan-capi.
>
> According to the Linux ISDN maintainer CAPI messages triggering such an
> overflow cannot be sent over the ISDN network due to technical limits.
He actually wrote "It can be overflowed by a single evil message from a
local source, but not via the ISDN network." This means a single
message from the ISDN network cannot cause overflow.
However, unless I'm missing something that ensures capi_cmsg2str is only
ever called from one thread, two messages that are received around the
same time could cause an overflow. Hence the requirement for a mutex.
> I don't know asterisk-chan-capi, can CAPI messages originate otherwise?
Neither do I.
> If not, it probably doesn't need a fix for Etch.
Ben.
--
Ben Hutchings
Q. Which is the greater problem in the world today, ignorance or apathy?
A. I don't know and I couldn't care less.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/pkg-voip-maintainers/attachments/20070304/9253459c/attachment.pgp
More information about the Pkg-voip-maintainers
mailing list