[asterisk-bugs] [JIRA] (ASTERISK-28569) Missing check for variable buf in function config_text_file_load in utils/extconf.c

Yoooooo Ha (JIRA) noreply at issues.asterisk.org
Mon Oct 7 08:53:47 CDT 2019


Yoooooo Ha created ASTERISK-28569:
-------------------------------------

             Summary: Missing check for variable buf in function config_text_file_load in utils/extconf.c
                 Key: ASTERISK-28569
                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28569
             Project: Asterisk
          Issue Type: Bug
      Security Level: None
          Components: . I did not set the category correctly.
    Affects Versions: 16.6.0
         Environment: No
            Reporter: Yoooooo Ha


Summary: Missing check for variable buf in while(!feof(f)) loop. The 
vulnerability may lead to DoS.

####################################

                 while(!feof(f)) {
                         lineno++;
                         if (fgets(buf, sizeof(buf), f)) {
                                 //MISSING CHECK HERE!!
                                 if ( withcomments ) {
                                         CB_ADD(lline_buffer); /* add 
the current lline buffer to the comment buffer */
                                         lline_buffer[0] = 0; /* erase 
the lline buffer */
                                 }

                                 new_buf = buf;
                                 if (comment)
                                         process_buf = NULL;
                                 else
                                         process_buf = buf;

                                 while ((comment_p = strchr(new_buf, 
COMMENT_META))) {


####################################

The function may skip lines that too long.

It is the vulnerability that is same as vulnerability that was fixed in 
https://issues.asterisk.org/jira/secure/attachment/45489/issueA20658_dont_process_overlong_config_lines.patch 

(https://issues.asterisk.org/jira/browse/ASTERISK-20658 )




--
This message was sent by Atlassian JIRA
(v6.2#6252)



More information about the asterisk-bugs mailing list