[Asterisk-code-review] manager: fix digest auth for ami/http mechanism. (asterisk[master])
Jaco Kroon
asteriskteam at digium.com
Tue May 8 05:28:51 CDT 2018
Hello Jenkins2,
I'd like you to reexamine a change. Please visit
https://gerrit.asterisk.org/8938
to look at the new patch set (#2).
Change subject: manager: fix digest auth for ami/http mechanism.
......................................................................
manager: fix digest auth for ami/http mechanism.
Given that the a2 buffer ends up containing the user-supplied uri value
a static buffer can be trivially overflowed. The potential DOS (memory
exhaustion) should be handled already in the http module by way of max
request size (specifically the MAX_HTTP_LINE_LENGTH).
ASTERISK-27841
Change-Id: I660609db13b8f9e5f9567f339dd804f4985d41b3
---
M main/manager.c
1 file changed, 13 insertions(+), 10 deletions(-)
git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/38/8938/2
--
To view, visit https://gerrit.asterisk.org/8938
To unsubscribe, visit https://gerrit.asterisk.org/settings
Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I660609db13b8f9e5f9567f339dd804f4985d41b3
Gerrit-Change-Number: 8938
Gerrit-PatchSet: 2
Gerrit-Owner: Jaco Kroon <jaco at uls.co.za>
Gerrit-Reviewer: Jenkins2
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20180508/35ba3350/attachment.html>
More information about the asterisk-code-review
mailing list