[asterisk-commits] lmadsen: tag 1.6.2.17.2 r311190 - in /tags/1.6.2.17.2: ./ main/
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Thu Mar 17 11:01:53 CDT 2011
Author: lmadsen
Date: Thu Mar 17 11:01:48 2011
New Revision: 311190
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=311190
Log:
Update ChangeLog, .version. Patches for AST-2011-003, and AST-2011-004.
Removed:
tags/1.6.2.17.2/asterisk-1.6.2.17-summary.html
tags/1.6.2.17.2/asterisk-1.6.2.17-summary.txt
Modified:
tags/1.6.2.17.2/.version
tags/1.6.2.17.2/ChangeLog
tags/1.6.2.17.2/main/manager.c
tags/1.6.2.17.2/main/tcptls.c
Modified: tags/1.6.2.17.2/.version
URL: http://svnview.digium.com/svn/asterisk/tags/1.6.2.17.2/.version?view=diff&rev=311190&r1=311189&r2=311190
==============================================================================
--- tags/1.6.2.17.2/.version (original)
+++ tags/1.6.2.17.2/.version Thu Mar 17 11:01:48 2011
@@ -1,1 +1,1 @@
-1.6.2.17
+1.6.2.17.2
Modified: tags/1.6.2.17.2/ChangeLog
URL: http://svnview.digium.com/svn/asterisk/tags/1.6.2.17.2/ChangeLog?view=diff&rev=311190&r1=311189&r2=311190
==============================================================================
--- tags/1.6.2.17.2/ChangeLog (original)
+++ tags/1.6.2.17.2/ChangeLog Thu Mar 17 11:01:48 2011
@@ -1,3 +1,14 @@
+2011-03-17 Leif Madsen <lmadsen at digium.com>
+
+ * Asterisk 1.6.2.17.2 Released.
+
+ (Asterisk 1.6.2.17.2 was released a day earlier, but a bug existed in
+ the patch for AST-2011-003 so this is a reissue of that release.)
+
+ * AST-2011-003: Resource exhaustion in Asterisk Manager Interface
+
+ * AST-2011-004: Remote crash vulnerability in TCP/TLS server
+
2011-02-22 Leif Madsen <lmadsen at digium.com>
* Asterisk 1.6.2.17 Released.
Modified: tags/1.6.2.17.2/main/manager.c
URL: http://svnview.digium.com/svn/asterisk/tags/1.6.2.17.2/main/manager.c?view=diff&rev=311190&r1=311189&r2=311190
==============================================================================
--- tags/1.6.2.17.2/main/manager.c (original)
+++ tags/1.6.2.17.2/main/manager.c Thu Mar 17 11:01:48 2011
@@ -228,6 +228,7 @@
struct mansession_session *session;
FILE *f;
int fd;
+ int write_error:1;
};
static AST_LIST_HEAD_STATIC(sessions, mansession_session);
@@ -964,11 +965,15 @@
*/
static int send_string(struct mansession *s, char *string)
{
- if (s->f) {
- return ast_careful_fwrite(s->f, s->fd, string, strlen(string), s->session->writetimeout);
- } else {
- return ast_careful_fwrite(s->session->f, s->session->fd, string, strlen(string), s->session->writetimeout);
- }
+ int res;
+ FILE *f = s->f ? s->f : s->session->f;
+ int fd = s->f ? s->fd : s->session->fd;
+
+ if ((res = ast_careful_fwrite(f, fd, string, strlen(string), s->session->writetimeout))) {
+ s->write_error = 1;
+ }
+
+ return res;
}
/*!
@@ -3272,7 +3277,7 @@
astman_append(&s, "Asterisk Call Manager/%s\r\n", AMI_VERSION); /* welcome prompt */
for (;;) {
- if ((res = do_message(&s)) < 0)
+ if ((res = do_message(&s)) < 0 || s.write_error)
break;
}
/* session is over, explain why and terminate */
Modified: tags/1.6.2.17.2/main/tcptls.c
URL: http://svnview.digium.com/svn/asterisk/tags/1.6.2.17.2/main/tcptls.c?view=diff&rev=311190&r1=311189&r2=311190
==============================================================================
--- tags/1.6.2.17.2/main/tcptls.c (original)
+++ tags/1.6.2.17.2/main/tcptls.c Thu Mar 17 11:01:48 2011
@@ -139,8 +139,12 @@
* open a FILE * as appropriate.
*/
if (!tcptls_session->parent->tls_cfg) {
- tcptls_session->f = fdopen(tcptls_session->fd, "w+");
- setvbuf(tcptls_session->f, NULL, _IONBF, 0);
+ if ((tcptls_session->f = fdopen(tcptls_session->fd, "w+"))) {
+ if(setvbuf(tcptls_session->f, NULL, _IONBF, 0)) {
+ fclose(tcptls_session->f);
+ tcptls_session->f = NULL;
+ }
+ }
}
#ifdef DO_SSL
else if ( (tcptls_session->ssl = SSL_new(tcptls_session->parent->tls_cfg->ssl_ctx)) ) {
More information about the asterisk-commits
mailing list