Author: mmichelson
Date: Wed Apr  1 15:32:52 2015
New Revision: 433918

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=433918
Log:
core: avoid possible asterisk -r crash from long id

When connecting to the remote console, an id string
is first provided that consists of the hostname, pid,
and version.  This is parsed by the remote instance
using a buffer that may be too short, and can allow
a buffer overrun because it is not terminated. This
patch adds termination and a larger buffer.

Review: https://reviewboard.asterisk.org/r/4182/

AFS-254
........

Merged revisions 429223 from http://svn.asterisk.org/svn/asterisk/branches/13

Modified:
    certified/branches/13.1/   (props changed)
    certified/branches/13.1/main/asterisk.c

Propchange: certified/branches/13.1/
------------------------------------------------------------------------------
Binary property 'branch-13-merged' - no diff available.

Modified: certified/branches/13.1/main/asterisk.c
URL: http://svnview.digium.com/svn/asterisk/certified/branches/13.1/main/asterisk.c?view=diff&rev=433918&r1=433917&r2=433918
==============================================================================
--- certified/branches/13.1/main/asterisk.c (original)
+++ certified/branches/13.1/main/asterisk.c Wed Apr  1 15:32:52 2015
@@ -3299,7 +3299,7 @@
 
 static void ast_remotecontrol(char *data)
 {
-       char buf[80];
+       char buf[256] = "";
        int res;
        char filename[80] = "";
        char *hostname;
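Review bot: The termination this fix depends on is implicit in the `= ""` initializer on `buf`, which zero-fills all 256 bytes. A later cleanup that drops the initializer would silently reintroduce the unterminated read. A short comment on the declaration, or an explicit terminator written after the read, would make that dependency visible. The new size is also a bare 256 with no stated relation to the longest id string (hostname, pid, version), so a named constant or a comment on how it was chosen would help. Separately, `filename` stays at 80 bytes while `buf` grows to 256; if anything parsed out of `buf` is later copied into `filename`, that copy needs to be bounded to the smaller buffer.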
@@ -3316,7 +3316,7 @@
        signal(SIGTERM, __remote_quit_handler);
        signal(SIGHUP, __remote_quit_handler);
 
-       if (read(ast_consock, buf, sizeof(buf)) < 0) {
+       if (read(ast_consock, buf, sizeof(buf) - 1) < 0) {
                ast_log(LOG_ERROR, "read() failed: %s\n", strerror(errno));
                return;
        }
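Review bot: The return value of `read()` is only tested for `< 0` and then discarded, so a return of 0 (peer closed the socket) or a short read is treated the same as a complete id string. Since `int res` is already declared in this function, consider assigning the result to it, handling `res == 0` as an error, and setting `buf[res] = '\0'` explicitly instead of relying on the zero-initialized array. An id longer than `sizeof(buf) - 1` bytes is now truncated without any log message, and the unread remainder stays on the socket for whatever reads next; logging that case would make it diagnosable.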

