Bug#697230: asterisk: Two security issues: AST-2012-014 / AST-2012-015
Javier Serrano Polo
javier at jasp.net
Mon Jan 14 15:02:22 UTC 2013
AST-2012-014: b/channels/chan_sip.c
@@ -3078,7 +3079,7 @@ static void *_sip_tcp_helper_thread(stru
req.socket.fd = tcptls_session->fd;
/* Read in headers one line at a time */
- while (req.len < 4 || strncmp(REQ_OFFSET_TO_STR(&req, len - 4), "\r\n\r\n", 4)) {
+ while ((req.len <= SIP_MAX_PACKET_SIZE) || (req.len < 4 || strncmp(REQ_OFFSET_TO_STR(&req, len - 4), "\r\n\r\n", 4))) {
if (!tcptls_session->client && !authenticated ) {
if ((timeout = sip_check_authtimeout(start)) < 0) {
goto cleanup;
Are you sure? That size hint condition should be ANDed.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4000 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-voip-maintainers/attachments/20130114/c33dd1b0/attachment.bin>
More information about the Pkg-voip-maintainers
mailing list