[asterisk-commits] lmadsen: tag 1.6.2.17.2 r311190 - in /tags/1.6.2.17.2: ./ main/

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Thu Mar 17 11:01:53 CDT 2011


Author: lmadsen
Date: Thu Mar 17 11:01:48 2011
New Revision: 311190

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=311190
Log:
Update ChangeLog, .version. Patches for AST-2011-003, and AST-2011-004.

Removed:
    tags/1.6.2.17.2/asterisk-1.6.2.17-summary.html
    tags/1.6.2.17.2/asterisk-1.6.2.17-summary.txt
Modified:
    tags/1.6.2.17.2/.version
    tags/1.6.2.17.2/ChangeLog
    tags/1.6.2.17.2/main/manager.c
    tags/1.6.2.17.2/main/tcptls.c

Modified: tags/1.6.2.17.2/.version
URL: http://svnview.digium.com/svn/asterisk/tags/1.6.2.17.2/.version?view=diff&rev=311190&r1=311189&r2=311190
==============================================================================
--- tags/1.6.2.17.2/.version (original)
+++ tags/1.6.2.17.2/.version Thu Mar 17 11:01:48 2011
@@ -1,1 +1,1 @@
-1.6.2.17
+1.6.2.17.2

Modified: tags/1.6.2.17.2/ChangeLog
URL: http://svnview.digium.com/svn/asterisk/tags/1.6.2.17.2/ChangeLog?view=diff&rev=311190&r1=311189&r2=311190
==============================================================================
--- tags/1.6.2.17.2/ChangeLog (original)
+++ tags/1.6.2.17.2/ChangeLog Thu Mar 17 11:01:48 2011
@@ -1,3 +1,14 @@
+2011-03-17  Leif Madsen <lmadsen at digium.com>
+
+	* Asterisk 1.6.2.17.2 Released.
+
+	(Asterisk 1.6.2.17.2 was released a day earlier, but a bug existed in
+	the patch for AST-2011-003 so this is a reissue of that release.)
+
+	* AST-2011-003: Resource exhaustion in Asterisk Manager Interface
+
+	* AST-2011-004: Remote crash vulnerability in TCP/TLS server
+
 2011-02-22  Leif Madsen <lmadsen at digium.com>
 
 	* Asterisk 1.6.2.17 Released.

Modified: tags/1.6.2.17.2/main/manager.c
URL: http://svnview.digium.com/svn/asterisk/tags/1.6.2.17.2/main/manager.c?view=diff&rev=311190&r1=311189&r2=311190
==============================================================================
--- tags/1.6.2.17.2/main/manager.c (original)
+++ tags/1.6.2.17.2/main/manager.c Thu Mar 17 11:01:48 2011
@@ -228,6 +228,7 @@
 	struct mansession_session *session;
 	FILE *f;
 	int fd;
+	int write_error:1;
 };
 
 static AST_LIST_HEAD_STATIC(sessions, mansession_session);
@@ -964,11 +965,15 @@
  */
 static int send_string(struct mansession *s, char *string)
 {
-	if (s->f) {
-		return ast_careful_fwrite(s->f, s->fd, string, strlen(string), s->session->writetimeout);
-	} else {
-		return ast_careful_fwrite(s->session->f, s->session->fd, string, strlen(string), s->session->writetimeout);
-	}
+	int res;
+	FILE *f = s->f ? s->f : s->session->f;
+	int fd = s->f ? s->fd : s->session->fd;
+
+	if ((res = ast_careful_fwrite(f, fd, string, strlen(string), s->session->writetimeout))) {
+		s->write_error = 1;
+	}
+
+	return res;
 }
 
 /*!
@@ -3272,7 +3277,7 @@
 
 	astman_append(&s, "Asterisk Call Manager/%s\r\n", AMI_VERSION);	/* welcome prompt */
 	for (;;) {
-		if ((res = do_message(&s)) < 0)
+		if ((res = do_message(&s)) < 0 || s.write_error)
 			break;
 	}
 	/* session is over, explain why and terminate */

Modified: tags/1.6.2.17.2/main/tcptls.c
URL: http://svnview.digium.com/svn/asterisk/tags/1.6.2.17.2/main/tcptls.c?view=diff&rev=311190&r1=311189&r2=311190
==============================================================================
--- tags/1.6.2.17.2/main/tcptls.c (original)
+++ tags/1.6.2.17.2/main/tcptls.c Thu Mar 17 11:01:48 2011
@@ -139,8 +139,12 @@
 	* open a FILE * as appropriate.
 	*/
 	if (!tcptls_session->parent->tls_cfg) {
-		tcptls_session->f = fdopen(tcptls_session->fd, "w+");
-		setvbuf(tcptls_session->f, NULL, _IONBF, 0);
+		if ((tcptls_session->f = fdopen(tcptls_session->fd, "w+"))) {
+			if(setvbuf(tcptls_session->f, NULL, _IONBF, 0)) {
+				fclose(tcptls_session->f);
+				tcptls_session->f = NULL;
+			}
+		}
 	}
 #ifdef DO_SSL
 	else if ( (tcptls_session->ssl = SSL_new(tcptls_session->parent->tls_cfg->ssl_ctx)) ) {




More information about the asterisk-commits mailing list