[asterisk-bugs] [JIRA] (ASTERISK-28569) Missing check for variable buf in function config_text_file_load in utils/extconf.c
Asterisk Team (JIRA)
noreply at issues.asterisk.org
Mon Oct 7 08:53:47 CDT 2019
[ https://issues.asterisk.org/jira/browse/ASTERISK-28569?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=248264#comment-248264 ]
Asterisk Team commented on ASTERISK-28569:
------------------------------------------
Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.
A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.
Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].
Please note that once your issue enters an open state it has been accepted. As Asterisk is an open source project there is no guarantee or timeframe on when your issue will be looked into. If you need expedient resolution you will need to find and pay a suitable developer. Asking for an update on your issue will not yield any progress on it and will not result in a response. All updates are posted to the issue when they occur.
> Missing check for variable buf in function config_text_file_load in utils/extconf.c
> -----------------------------------------------------------------------------------
>
> Key: ASTERISK-28569
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-28569
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: . I did not set the category correctly.
> Affects Versions: 16.6.0
> Environment: No
> Reporter: Yoooooo Ha
>
> Summary: Missing check for variable buf in while(!feof(f)) loop. The
> vulnerability may lead to DoS.
> ####################################
> while(!feof(f)) {
> lineno++;
> if (fgets(buf, sizeof(buf), f)) {
> //MISSING CHECK HERE!!
> if ( withcomments ) {
> CB_ADD(lline_buffer); /* add
> the current lline buffer to the comment buffer */
> lline_buffer[0] = 0; /* erase
> the lline buffer */
> }
> new_buf = buf;
> if (comment)
> process_buf = NULL;
> else
> process_buf = buf;
> while ((comment_p = strchr(new_buf,
> COMMENT_META))) {
> ####################################
> The function may skip lines that too long.
> It is the vulnerability that is same as vulnerability that was fixed in
> https://issues.asterisk.org/jira/secure/attachment/45489/issueA20658_dont_process_overlong_config_lines.patch
> (https://issues.asterisk.org/jira/browse/ASTERISK-20658 )
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list