[asterisk-bugs] [JIRA] (ASTERISK-28569) Missing check for variable buf in function config_text_file_load in utils/extconf.c
Richard Mudgett (JIRA)
noreply at issues.asterisk.org
Mon Oct 7 10:19:47 CDT 2019
[ https://issues.asterisk.org/jira/browse/ASTERISK-28569?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Richard Mudgett updated ASTERISK-28569:
---------------------------------------
Description:
Summary: Missing check for variable buf in while(!feof(f)) loop. The
vulnerability may lead to DoS.
{code}
while(!feof(f)) {
lineno++;
if (fgets(buf, sizeof(buf), f)) {
//MISSING CHECK HERE!!
if ( withcomments ) {
CB_ADD(lline_buffer); /* add the current lline buffer to the comment buffer */
lline_buffer[0] = 0; /* erase the lline buffer */
}
new_buf = buf;
if (comment)
process_buf = NULL;
else
process_buf = buf;
while ((comment_p = strchr(new_buf, COMMENT_META))) {
{code}
The function may skip lines that too long.
It is the vulnerability that is same as vulnerability that was fixed in
https://issues.asterisk.org/jira/secure/attachment/45489/issueA20658_dont_process_overlong_config_lines.patch
(ASTERISK-20658 )
was:
Summary: Missing check for variable buf in while(!feof(f)) loop. The
vulnerability may lead to DoS.
####################################
while(!feof(f)) {
lineno++;
if (fgets(buf, sizeof(buf), f)) {
//MISSING CHECK HERE!!
if ( withcomments ) {
CB_ADD(lline_buffer); /* add the current lline buffer to the comment buffer */
lline_buffer[0] = 0; /* erase the lline buffer */
}
new_buf = buf;
if (comment)
process_buf = NULL;
else
process_buf = buf;
while ((comment_p = strchr(new_buf, COMMENT_META))) {
####################################
The function may skip lines that too long.
It is the vulnerability that is same as vulnerability that was fixed in
https://issues.asterisk.org/jira/secure/attachment/45489/issueA20658_dont_process_overlong_config_lines.patch
(https://issues.asterisk.org/jira/browse/ASTERISK-20658 )
> Missing check for variable buf in function config_text_file_load in utils/extconf.c
> -----------------------------------------------------------------------------------
>
> Key: ASTERISK-28569
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-28569
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: . I did not set the category correctly.
> Affects Versions: 16.6.0
> Environment: No
> Reporter: Yoooooo Ha
> Assignee: Unassigned
>
> Summary: Missing check for variable buf in while(!feof(f)) loop. The
> vulnerability may lead to DoS.
> {code}
> while(!feof(f)) {
> lineno++;
> if (fgets(buf, sizeof(buf), f)) {
> //MISSING CHECK HERE!!
> if ( withcomments ) {
> CB_ADD(lline_buffer); /* add the current lline buffer to the comment buffer */
> lline_buffer[0] = 0; /* erase the lline buffer */
> }
> new_buf = buf;
> if (comment)
> process_buf = NULL;
> else
> process_buf = buf;
> while ((comment_p = strchr(new_buf, COMMENT_META))) {
> {code}
> The function may skip lines that too long.
> It is the vulnerability that is same as vulnerability that was fixed in
> https://issues.asterisk.org/jira/secure/attachment/45489/issueA20658_dont_process_overlong_config_lines.patch
> (ASTERISK-20658 )
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list