[asterisk-bugs] [Asterisk 0014217]: [patch] app_page causes undefined behavior when paging a page group with more than 128 extensions
Asterisk Bug Tracker
noreply at bugs.digium.com
Tue Jan 13 19:27:19 CST 2009
A NOTE has been added to this issue.
======================================================================
http://bugs.digium.com/view.php?id=14217
======================================================================
Reported By: a_villacis
Assigned To: otherwiseguy
======================================================================
Project: Asterisk
Issue ID: 14217
Category: Applications/app_page
Reproducibility: always
Severity: major
Priority: normal
Status: confirmed
Asterisk Version: 1.4.22
Regression: No
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Disclaimer on File?: N/A
Request Review:
======================================================================
Date Submitted: 2009-01-12 10:06 CST
Last Modified: 2009-01-13 19:27 CST
======================================================================
Summary: [patch] app_page causes undefined behavior when
paging a page group with more than 128 extensions
Description:
When defining a paging group, if this group has more than 128 extensions,
an attempt to ring this paging group causes *all* calls (including those
belonging to extensions not part of the group) to be hung up. Analysis of
the root problem shows that a range of undefined behaviors can occur, up to
and including the crash of the Asterisk server.
======================================================================
----------------------------------------------------------------------
(0097694) svnbot (reporter) - 2009-01-13 19:27
http://bugs.digium.com/view.php?id=14217#c97694
----------------------------------------------------------------------
Repository: asterisk
Revision: 168593
U branches/1.4/apps/app_page.c
------------------------------------------------------------------------
r168593 | twilson | 2009-01-13 19:27:19 -0600 (Tue, 13 Jan 2009) | 20
lines
Don't overflow when paging more than 128 extensions
The number of available slots for calls in app_page was hardcoded to 128.
Proper bounds checking was not in place to enforce this limit, so if more
than
128 extensions were passed to the Page() app, Asterisk would crash. This
patch
instead dynamically allocates memory for the ast_dial structures and
removes
the (non-functional) arbitrary limit.
This issue would have special importance to anyone who is dynamically
creating
the argument passed to the Page application and allowing more than 128
extensions to be added by an outside user via some external interface.
The patch posted by a_villacis was slightly modified for some coding
guidelines
and other cleanups. Thanks, a_villacis!
(closes issue http://bugs.digium.com/view.php?id=14217)
Reported by: a_villacis
Patches:
20080912-asterisk-app_page-fix-buffer-overflow.patch uploaded by a
(license 660)
Tested by: otherwiseguy
------------------------------------------------------------------------
http://svn.digium.com/view/asterisk?view=rev&revision=168593
Issue History
Date Modified Username Field Change
======================================================================
2009-01-13 19:27 svnbot Checkin
2009-01-13 19:27 svnbot Note Added: 0097694
======================================================================
More information about the asterisk-bugs
mailing list