[asterisk-bugs] [JIRA] Status Changed to Waiting for Development: (ASTERISK-20349) DEBUG_MALLOC version of ast_strndup() may cause buffer overflow
Matt Jordan (JIRA)
noreply at issues.asterisk.org
Fri Aug 31 13:50:07 CDT 2012
[ https://issues.asterisk.org/jira/browse/ASTERISK-20349?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matt Jordan updated ASTERISK-20349:
-----------------------------------
Status: Open (was: Triage)
> DEBUG_MALLOC version of ast_strndup() may cause buffer overflow
> ---------------------------------------------------------------
>
> Key: ASTERISK-20349
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-20349
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Core/AstMM
> Affects Versions: 11.0.0-beta1
> Reporter: Brent Eagles
>
> In astmm.c, __ast_strndup() calls strcpy() causing strlen(source) characters to be copied into a destination buffer that is sized according to the number of characters to be copied (n), where n may be less than strlen(source). High fence violations are correctly reported if strlen(source) > n.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the asterisk-bugs
mailing list