[asterisk-bugs] [JIRA] (ASTERISK-25304) res_pjsip: XML sanitization may write past buffer

Joshua Colp (JIRA) noreply at issues.asterisk.org
Wed Aug 5 11:22:32 CDT 2015


     [ https://issues.asterisk.org/jira/browse/ASTERISK-25304?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Joshua Colp updated ASTERISK-25304:
-----------------------------------

    Reviewboard Link: https://gerrit.asterisk.org/1038 https://gerrit.asterisk.org/1039 https://gerrit.asterisk.org/1040

> res_pjsip: XML sanitization may write past buffer
> -------------------------------------------------
>
>                 Key: ASTERISK-25304
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-25304
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_pjsip
>    Affects Versions: 13.4.0
>            Reporter: Joshua Colp
>            Assignee: Joshua Colp
>
> The ast_sip_sanitize_xml function currently uses the strncat function incorrectly. The length provided to it may cause it to write past the provided output buffer into other memory. This can cause a crash. The crash may result from the writing or because the PJSIP library expects the value to be NULL terminated when it is not.



--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list