[Asterisk-code-review] res pjsip refer.c: Fix seg fault in process of Refer-to header. (asterisk[master])

Joshua Colp asteriskteam at digium.com
Thu Mar 17 13:12:10 CDT 2016


Hello Sergio Medina Toledo, Richard Mudgett, Anonymous Coward #1000019, George Joseph,

I'd like you to reexamine a change.  Please visit

    https://gerrit.asterisk.org/2348

to look at the new patch set (#4).

Change subject: res_pjsip_refer.c: Fix seg fault in process of Refer-to header.
......................................................................

res_pjsip_refer.c: Fix seg fault in process of Refer-to header.

The "Refer-to" header of an incoming REFER request is parsed by
pjsip_parse_uri().  That function requires the URI parameter to be NULL
terminated.  Unfortunately, the previous code added the NULL terminator by
overwriting memory that may not be safe.  The overwritten memory results
could be benign, memory corruption, or a segmentation fault.  Now the URI
is NULL terminated safely by copying the URI to a new chunk of memory with
the correct size to be NULL terminated.

ASTERISK-25814 #close

Change-Id: I32565496684a5a49c3278fce06474b8c94b37342
---
M res/res_pjsip_refer.c
1 file changed, 9 insertions(+), 9 deletions(-)


  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/48/2348/4
-- 
To view, visit https://gerrit.asterisk.org/2348
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I32565496684a5a49c3278fce06474b8c94b37342
Gerrit-PatchSet: 4
Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Owner: Sergio Medina Toledo <lumasepa at gmail.com>
Gerrit-Reviewer: Anonymous Coward #1000019
Gerrit-Reviewer: George Joseph <george.joseph at fairview5.com>
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Richard Mudgett <rmudgett at digium.com>
Gerrit-Reviewer: Sergio Medina Toledo <lumasepa at gmail.com>



More information about the asterisk-code-review mailing list