[asterisk-bugs] [Asterisk 0015495]: [patch] Asterisk runs over end of buffer reading manager input over HTTP and segfaults

Asterisk Bug Tracker noreply at bugs.digium.com
Wed Sep 2 02:07:03 CDT 2009


A NOTE has been added to this issue. 
====================================================================== 
https://issues.asterisk.org/view.php?id=15495 
====================================================================== 
Reported By:                pdf
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   15495
Category:                   Core/HTTP
Reproducibility:            sometimes
Severity:                   crash
Priority:                   normal
Status:                     new
Asterisk Version:           SVN 
Regression:                 No 
SVN Branch (only for SVN checkouts, not tarball releases):  1.4  
SVN Revision (number only!): 206284 
Request Review:              
====================================================================== 
Date Submitted:             2009-07-13 23:11 CDT
Last Modified:              2009-09-02 02:07 CDT
====================================================================== 
Summary:                    [patch] Asterisk runs over end of buffer reading
manager input over HTTP and segfaults
Description: 
We have a number of applications working over manager, and whilst I have
not been able to nail down what precisely is causing this, it has occurred
a number of times.  It looks like xml_translate is looking for a
null-terminated string, but the string is not always null-terminated, so it
runs off the end of the buffer and segfaults.
====================================================================== 

---------------------------------------------------------------------- 
 (0110004) pdf (reporter) - 2009-09-02 02:07
 https://issues.asterisk.org/view.php?id=15495#c110004 
---------------------------------------------------------------------- 
Capturing the input and correlating to the crash is proving just too
difficult - it takes more time than we have to reproduce in the lab, and we
can't leave live systems unpatched if they're going to be susceptible to
remote crashes.

The most successful method of reproducing the bug has been to have many
users making calls via:

https://addons.mozilla.org/en-US/firefox/addon/8510

But I haven't been able to differentiate crash-causing input from the
rest, and it can take hours to days for a segfault to occur, even though
it looks like predominantly the same data is being sent down the wire.

Please let me know what we can do to help get this bug fixed - I'm sure
you'll agree that remote segfaults are serious business. 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2009-09-02 02:07 pdf            Note Added: 0110004                          
======================================================================



