[asterisk-bugs] [Asterisk 0015495]: [patch] Asterisk runs over end of buffer reading manager input over HTTP and segfaults

Asterisk Bug Tracker noreply at bugs.digium.com
Thu Aug 20 22:05:38 CDT 2009


A NOTE has been added to this issue. 
====================================================================== 
https://issues.asterisk.org/view.php?id=15495 
====================================================================== 
Reported By:                pdf
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   15495
Category:                   Core/HTTP
Reproducibility:            sometimes
Severity:                   crash
Priority:                   normal
Status:                     new
Asterisk Version:           SVN 
Regression:                 No 
SVN Branch (only for SVN checkouts, not tarball releases):  1.4  
SVN Revision (number only!): 206284 
Request Review:              
====================================================================== 
Date Submitted:             2009-07-13 23:11 CDT
Last Modified:              2009-08-20 22:05 CDT
====================================================================== 
Summary:                    [patch] Asterisk runs over end of buffer reading
manager input over HTTP and segfaults
Description: 
We have a number of applications working over manager, and whilst I have
not been able to nail down what precisely is causing this, it has occurred
a number of times.  It looks like xml_translate is looking for a
null-terminated string, but the string is not always null-terminated, so it
runs off the end of the buffer and segfaults.
====================================================================== 

---------------------------------------------------------------------- 
 (0109441) pdf (reporter) - 2009-08-20 22:05
 https://issues.asterisk.org/view.php?id=15495#c109441 
---------------------------------------------------------------------- 
Unfortunately it's been difficult for us to reproduce, or I would have
included it in the original report.  It's also fairly sporadic, so the only
way it was reproduced was by running against a live and loaded system for a
couple of days, which I can't unpatch and do again without some pain.

I'll see if I can come up with some sort of plan to capture the data, but
it's not going to be easy in the short term.  If I can come up with
something, what format do you need it in?  The only way I can think that
might work is to capture all manager packets arriving on an unpatched
machine, and try to correlate the crash with the packet that caused it, though
that might be difficult with multiple manager clients running. 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2009-08-20 22:05 pdf            Note Added: 0109441                          
======================================================================
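
Added example, not part of the original report and not Asterisk code: a sketch of the failure mode described in the issue, where a parser must be bounded by the buffer length instead of relying on a terminating NUL. The helper name count_fields, the "Key: Value" line handling and the sample bytes are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Asterisk code): count well-formed "Key: Value"
 * lines in buf[0..len). Every scan is bounded by len, so the buffer does
 * not need a terminating NUL. A final line with no '\n' is treated as
 * truncated input and is left unconsumed. */
static int count_fields(const char *buf, size_t len, size_t *consumed)
{
    const char *p = buf, *end = buf + len;
    int fields = 0;

    while (p < end) {
        const char *nl = memchr(p, '\n', (size_t)(end - p));
        if (!nl)
            break;                      /* partial line: wait for more data */
        const char *colon = memchr(p, ':', (size_t)(nl - p));
        if (colon && colon > p)
            fields++;                   /* non-empty key before the colon */
        p = nl + 1;
    }
    *consumed = (size_t)(p - buf);
    return fields;
}

/* Unsafe pattern for contrast: strchr() keeps reading until it finds a NUL,
 * so on the unterminated buf below it could read past the end of the array:
 *     char *nl = strchr(buf, '\n');
 */

int main(void)
{
    /* Constructed sample; buf is filled exactly, with no terminating NUL. */
    static const char raw[] =
        "Response: Success\r\nMessage: Authentication accepted\r\nActionID: 4";
    char buf[sizeof(raw) - 1];
    size_t used;

    memcpy(buf, raw, sizeof(buf));
    int n = count_fields(buf, sizeof(buf), &used);
    printf("%d complete fields, %zu of %zu bytes consumed\n",
           n, used, sizeof(buf));
    return 0;
}
```

Building this with -fsanitize=address and swapping in the strchr() variant is one way to see the over-read reported at the point of the scan, not as a later sporadic crash.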