Re: [asterisk-dev] [Code Review] 4182: core: avoid rasterisk crash due to long identifier

Fri, 14 Nov 2014 14:08:35 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/4182/#review13777
-----------------------------------------------------------



/branches/13/main/asterisk.c
<https://reviewboard.asterisk.org/r/4182/#comment24262>

    Does this actually initialize 256 bytes of '\0', or just initialize the 
first byte?



/branches/13/main/asterisk.c
<https://reviewboard.asterisk.org/r/4182/#comment24261>

    Space around '-'.
    
    Also why was the return removed?


- Corey Farrell


On Nov. 14, 2014, 10:12 a.m., Scott Griepentrog wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/4182/
> -----------------------------------------------------------
> 
> (Updated Nov. 14, 2014, 10:12 a.m.)
> 
> 
> Review request for Asterisk Developers.
> 
> 
> Repository: Asterisk
> 
> 
> Description
> -------
> 
> When connecting to the remote console, an identifier string is first provided 
> that consists of hostname/pid/version.  This is parsed by the remote instance 
> in a buffer allocated to only 80 bytes.  It is possible for a combination of 
> very long hostname and very long asterisk version number to be greater than 
> 80 characters, causing the parsing to fall off the end of the allocated 
> memory buffer and potentially crash.
> 
> This change increases the buffer from 80 to 256 to significantly reduce that 
> possibility.
> 
> 
> Diffs
> -----
> 
>   /branches/13/main/asterisk.c 427813 
> 
> Diff: https://reviewboard.asterisk.org/r/4182/diff/
> 
> 
> Testing
> -------
> 
> It stopped crashing on a repeated test I was running where the atoi of the 
> version # happen to hit the end of the buffer.
> 
> 
> Thanks,
> 
> Scott Griepentrog
> 
>


-- 
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

asterisk-dev mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-dev

Reply via email to