[asterisk-bugs] [JIRA] Commented: (ASTERISK-20349) DEBUG_MALLOC version of ast_strndup() may cause buffer overflow

Brent Eagles (JIRA) noreply at issues.asterisk.org
Fri Aug 31 11:53:07 CDT 2012


    [ https://issues.asterisk.org/jira/browse/ASTERISK-20349?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=196503#comment-196503 ] 

Brent Eagles commented on ASTERISK-20349:
-----------------------------------------

The problem was initially encountered while testing Asterisk ICE support.

> DEBUG_MALLOC version of ast_strndup() may cause buffer overflow
> ---------------------------------------------------------------
>
>                 Key: ASTERISK-20349
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-20349
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Core/AstMM
>    Affects Versions: 11.0.0-beta1
>            Reporter: Brent Eagles
>
> In astmm.c, __ast_strndup() calls strcpy() causing strlen(source) characters to be copied into a destination buffer that is sized according to the number of characters to be copied (n), where n may be less than strlen(source). High fence violations are correctly reported if strlen(source) > n.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira



More information about the asterisk-bugs mailing list