[asterisk-bugs] [JIRA] (ASTERISK-25304) res_pjsip: XML sanitization may write past buffer
Joshua Colp (JIRA)
noreply at issues.asterisk.org
Wed Aug 5 11:22:32 CDT 2015
[ https://issues.asterisk.org/jira/browse/ASTERISK-25304?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Joshua Colp updated ASTERISK-25304:
-----------------------------------
Reviewboard Link: https://gerrit.asterisk.org/1038 https://gerrit.asterisk.org/1039 https://gerrit.asterisk.org/1040
> res_pjsip: XML sanitization may write past buffer
> -------------------------------------------------
>
> Key: ASTERISK-25304
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-25304
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Resources/res_pjsip
> Affects Versions: 13.4.0
> Reporter: Joshua Colp
> Assignee: Joshua Colp
>
> The ast_sip_sanitize_xml function currently uses the strncat function incorrectly. The length provided to it may cause it to write past the provided output buffer into other memory. This can cause a crash. The crash may result from the writing or because the PJSIP library expects the value to be NULL terminated when it is not.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list