[asterisk-bugs] [Asterisk 0013398]: [patch] Channel name buffer is too small

Asterisk Bug Tracker noreply at bugs.digium.com
Fri Aug 29 07:40:57 CDT 2008


The following issue has been UPDATED. 
====================================================================== 
http://bugs.digium.com/view.php?id=13398 
====================================================================== 
Reported By:                bamby
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   13398
Category:                   Core/ManagerInterface
Reproducibility:            always
Severity:                   tweak
Priority:                   normal
Status:                     new
Asterisk Version:           1.4.21.2 
SVN Branch (only for SVN checkouts, not tarball releases):  trunk 
SVN Revision (number only!):  
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             2008-08-29 03:40 CDT
Last Modified:              2008-08-29 07:40 CDT
====================================================================== 
Summary:                    [patch] Channel name buffer is too small
Description: 
When doing Originate request using the Manager Interface the Channel
attribute of the request contains the channel specification. The buffer for
this data is AST_MAX_EXTENSION long, which is 80 bytes only, while for
example a SIP channel specification can contain not only extension but also
authname (can be quite long), password, md5 secret (32 bytes), hostname
(MAXHOSTNAMELEN = 256) and port (5 bytes). So the buffer for SIP channel
specification should be at least 462 bytes:

  channel name (3 bytes) + extension (80) + password or digest (at least
32) + autname (about 80 bytes) + hostname (256) + port (5) + delimiters
(6)

The patch (against trunk) attached.
====================================================================== 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2008-08-29 07:40 blitzrage      Disclaimer on File?       => N/A             
2008-08-29 07:40 blitzrage      Severity                 major => tweak      
======================================================================




More information about the asterisk-bugs mailing list