Has Asterisk ever been audited for common security holes, such as buffer overruns?
A quick grep through the source for routines that should never be used, like strcpy, strcat, etc., reveals a lot of it. I fear I fear. Has anyone flung pathology at IAX2 to see if it stands up to malformed packets? (This is always an issue when you have a protocol that only a small number of programs use ...) I hope I'm wrong, but I have a very queasy feeling ... [We already know that H.323 is not being looked after, security-wise ...] _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
