[asterisk-bugs] [JIRA] (ASTERISK-25742) Secondary IFP Packets can result in accessing uninitialized pointers and a crash
Torrey Searle (JIRA)
noreply at issues.asterisk.org
Wed Feb 3 02:27:33 CST 2016
Torrey Searle created ASTERISK-25742:
----------------------------------------
Summary: Secondary IFP Packets can result in accessing uninitialized pointers and a crash
Key: ASTERISK-25742
URL: https://issues.asterisk.org/jira/browse/ASTERISK-25742
Project: Asterisk
Issue Type: Bug
Security Level: None
Components: Core/UDPTL
Affects Versions: 11.22.0
Reporter: Torrey Searle
Upon receiving the following UDPTL packet:
80 12 (sequence number)
07 (primary IFP length)
8A 50 FF 3D 45 3E 5E (primary IFP packet)
52 (secondary packet mode)
01 (number of redundant packets)
00 (length)
The method decode_open_type will return without setting values for bufs[total_count + i] and lengths[total_count + i].
Since neither of these arrays was memset to 0, the 0-length packet check on line 392 of udptl.c will fail to skip this packet and will instead return a frame with a pointer to a random piece of memory, causing a crash.
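An added example, not Asterisk's code and not part of the report: a simplified C model of the pattern described above, showing why a decoder that leaves its outputs unwritten on a zero length defeats the later zero-length check, and how clearing each slot first restores it. The names `decode_open_type_model` and `count_secondary_frames`, the one-byte length encoding, and the 0xA5 fill that stands in for stale stack memory are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_ENTRIES 16
/* Tail of the packet in the report: 01 (redundant count), 00 (length). */
static const uint8_t SAMPLE_TAIL[] = { 0x01, 0x00 };

/* Hypothetical model of an open-type decoder with a one-byte length.
 * As in the report, a zero length returns 0 without writing *obj or *n. */
static int decode_open_type_model(const uint8_t *buf, size_t limit, size_t *pos,
                                  const uint8_t **obj, size_t *n)
{
    if (*pos >= limit)
        return -1;
    size_t cnt = buf[(*pos)++];
    if (cnt > 0) {
        if (cnt > limit - *pos)
            return -1;              /* length runs past the datagram */
        *obj = &buf[*pos];
        *n = cnt;
        *pos += cnt;
    }
    return 0;
}

/* Returns how many secondary entries survive the zero-length skip check
 * (each would become a frame), or -1 on malformed input.
 * harden != 0 clears every slot before decoding into it. */
static int count_secondary_frames(const uint8_t *sec, size_t limit, int harden)
{
    const uint8_t *bufs[MAX_ENTRIES];
    size_t lengths[MAX_ENTRIES];
    size_t pos = 0, count;
    int frames = 0;

    /* 0xA5 fill stands in for stale stack contents so the run is deterministic. */
    memset(bufs, 0xA5, sizeof bufs);
    memset(lengths, 0xA5, sizeof lengths);
    if (limit < 1 || (count = sec[pos++]) > MAX_ENTRIES)
        return -1;
    for (size_t i = 0; i < count; i++) {
        if (harden) { bufs[i] = NULL; lengths[i] = 0; }
        if (decode_open_type_model(sec, limit, &pos, &bufs[i], &lengths[i]) != 0)
            return -1;
    }
    for (size_t i = 0; i < count; i++)
        frames += (lengths[i] != 0);    /* the skip check; bufs[i] is never dereferenced here */
    return frames;
}
```

With `harden` set to 0 the sample tail yields one frame built from the stale slot; with `harden` set to 1 the zero-length entry is skipped.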