[asterisk-bugs] [JIRA] (ASTERISK-28569) Missing check for variable buf in function config_text_file_load in utils/extconf.c

Asterisk Team (JIRA) noreply at issues.asterisk.org
Tue Oct 22 12:01:47 CDT 2019 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-28569?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=248499#comment-248499 ] 

Asterisk Team commented on ASTERISK-28569:
------------------------------------------

Suspended due to lack of activity. This issue will be automatically re-opened if the reporter posts a comment. If you are not the reporter and would like this re-opened please create a new issue instead. If the new issue is related to this one a link will be created during the triage process. Further information on issue tracker usage can be found in the Asterisk Issue Guidlines [1].

[1] https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines

> Missing check for variable buf in function config_text_file_load in utils/extconf.c
> -----------------------------------------------------------------------------------
>
>                 Key: ASTERISK-28569
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-28569
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: . I did not set the category correctly.
>    Affects Versions: 16.6.0
>         Environment: No
>            Reporter: Yoooooo Ha
>            Assignee: Yoooooo Ha
>
> Summary: Missing check for variable buf in while(!feof(f)) loop. The 
> vulnerability may lead to DoS.
> {code}
>                  while(!feof(f)) {
>                          lineno++;
>                          if (fgets(buf, sizeof(buf), f)) {
>                                  //MISSING CHECK HERE!!
>                                  if ( withcomments ) {
>                                          CB_ADD(lline_buffer); /* add the current lline buffer to the comment buffer */
>                                          lline_buffer[0] = 0; /* erase the lline buffer */
>                                  }
>                                  new_buf = buf;
>                                  if (comment)
>                                          process_buf = NULL;
>                                  else
>                                          process_buf = buf;
>                                  while ((comment_p = strchr(new_buf, COMMENT_META))) {
> {code}
> The function may skip lines that too long.
> It is the vulnerability that is same as vulnerability that was fixed in 
> https://issues.asterisk.org/jira/secure/attachment/45489/issueA20658_dont_process_overlong_config_lines.patch 
> (ASTERISK-20658 )



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list