[asterisk-bugs] [JIRA] (ASTERISK-24357) [fax] Out of bounds error in update_modem_bits
Matt Jordan (JIRA)
noreply at issues.asterisk.org
Mon Nov 3 13:56:34 CST 2014
[ https://issues.asterisk.org/jira/browse/ASTERISK-24357?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matt Jordan updated ASTERISK-24357:
-----------------------------------
Target Release Version/s: 1.8.32.0
> [fax] Out of bounds error in update_modem_bits
> ----------------------------------------------
>
> Key: ASTERISK-24357
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-24357
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Resources/res_fax
> Affects Versions: 11.13.0
> Reporter: Jeremy Lainé
> Assignee: Richard Mudgett
> Target Release: 1.8.32.0, 11.14.0, 13.0.0-beta3
>
> Attachments: res_fax_bounds.patch
>
>
> The update_modem_bits function in res_fax.c suffers from an out of bounds error : it allocates an array "m" of size 5, but can potentially write 6 entries to the array, counting the final NULL value.
> As there are only 4 valid values (v17, v27, v29 and v34) for modems, the loop should stop iterating one item earlier.
> Putting 5 items or more in the "modems" line of res_fax.conf crashes asterisk, for instance:
> modems=v17,v27,v29,v34,v17
> The attached patch fixes the problem.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list