Patches item #2011751, was opened at 2008-07-06 17:31 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=637566&aid=2011751&group_id=104305
Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: sipp Group: None Status: Open Resolution: None Priority: 5 Private: Yes Submitted By: Peter Lemenkov (peter_lemenkov) Assigned to: Nobody/Anonymous (nobody) Summary: CVE-2008-2085 Fix Initial Comment: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2085 uint32_t get_remote_ip_media(char *msg) { char pattern[] = "c=IN IP4 "; char *begin, *end; char ip[32]; begin = strstr(msg, pattern); begin += sizeof("c=IN IP4 ") - 1; end = strstr(begin, "\r\n"); memset(ip, 0, 32); strncpy(ip, begin, end - begin); return inet_addr(ip); } In a strncpy function the last argument should be size of ip, not the size of (end - begin). Patch against latest svn applied. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=637566&aid=2011751&group_id=104305 ------------------------------------------------------------------------- Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! Studies have shown that voting for your favorite open source project, along with a healthy diet, reduces your potential for chronic lameness and boredom. Vote Now at http://www.sourceforge.net/community/cca08 _______________________________________________ Sipp-users mailing list Sipp-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sipp-users
