[asterisk-commits] lmadsen: tag 1.8.3.2 r311192 - in /tags/1.8.3.2: ./ main/
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Thu Mar 17 11:05:13 CDT 2011
Author: lmadsen
Date: Thu Mar 17 11:05:07 2011
New Revision: 311192
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=311192
Log:
Update ChangeLog, .version. Patches for AST-2011-003, and AST-2011-004.
(closes issue #18987)
Reported by: ks-steven
Removed:
tags/1.8.3.2/asterisk-1.8.3-summary.html
tags/1.8.3.2/asterisk-1.8.3-summary.txt
Modified:
tags/1.8.3.2/.version
tags/1.8.3.2/ChangeLog
tags/1.8.3.2/main/manager.c
tags/1.8.3.2/main/tcptls.c
Modified: tags/1.8.3.2/.version
URL: http://svnview.digium.com/svn/asterisk/tags/1.8.3.2/.version?view=diff&rev=311192&r1=311191&r2=311192
==============================================================================
--- tags/1.8.3.2/.version (original)
+++ tags/1.8.3.2/.version Thu Mar 17 11:05:07 2011
@@ -1,1 +1,1 @@
-1.8.3
+1.8.3.2
Modified: tags/1.8.3.2/ChangeLog
URL: http://svnview.digium.com/svn/asterisk/tags/1.8.3.2/ChangeLog?view=diff&rev=311192&r1=311191&r2=311192
==============================================================================
--- tags/1.8.3.2/ChangeLog (original)
+++ tags/1.8.3.2/ChangeLog Thu Mar 17 11:05:07 2011
@@ -1,3 +1,14 @@
+2011-03-17 Leif Madsen <lmadsen at digium.com>
+
+ * Asterisk 1.8.3.2 Released.
+
+ (Asterisk 1.8.3.1 was released a day earlier, but a bug existed in
+ the patch for AST-2011-003 so this is a reissue of that release.)
+
+ * AST-2011-003: Resource exhaustion in Asterisk Manager Interface
+
+ * AST-2011-004: Remote crash vulnerability in TCP/TLS server
+
2011-02-22 Leif Madsen <lmadsen at digium.com>
* Asterisk 1.8.3 Released.
Modified: tags/1.8.3.2/main/manager.c
URL: http://svnview.digium.com/svn/asterisk/tags/1.8.3.2/main/manager.c?view=diff&rev=311192&r1=311191&r2=311192
==============================================================================
--- tags/1.8.3.2/main/manager.c (original)
+++ tags/1.8.3.2/main/manager.c Thu Mar 17 11:05:07 2011
@@ -971,6 +971,7 @@
struct ast_tcptls_session_instance *tcptls_session;
FILE *f;
int fd;
+ int write_error:1;
struct manager_custom_hook *hook;
ast_mutex_t lock;
};
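Review bot: The new flag is declared as `int write_error:1;`, and whether a plain `int` bit-field is signed is implementation-defined, so on a signed implementation storing 1 in it yields -1. The truth test added in the session loop still works, but any later comparison such as `== 1` would silently fail. Declaring it `unsigned int write_error:1;` removes the ambiguity. The struct definition starts outside this hunk.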
@@ -1844,6 +1845,10 @@
*/
static int send_string(struct mansession *s, char *string)
{
+ int res;
+ FILE *f = s->f ? s->f : s->session->f;
+ int fd = s->f ? s->fd : s->session->fd;
+
/* It's a result from one of the hook's action invocation */
if (s->hook) {
/*
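Review bot: The two initializers at the top of send_string() read `s->session->f` and `s->session->fd` before the `s->hook` check whenever `s->f` is NULL, whereas the old code touched `s->session` only after the hook branch had returned. If a hook-driven mansession can arrive with no session attached (not visible in this hunk), that is a NULL dereference on a path that previously never needed the session. Declaring `FILE *f; int fd;` and assigning `f = s->f ? s->f : s->session->f;` and `fd = s->f ? s->fd : s->session->fd;` after the hook block's `return 0;` keeps the old ordering. The function body continues in the next hunk.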
@@ -1852,11 +1857,13 @@
*/
s->hook->helper(EVENT_FLAG_HOOKRESPONSE, "HookResponse", string);
return 0;
- } else if (s->f) {
- return ast_careful_fwrite(s->f, s->fd, string, strlen(string), s->session->writetimeout);
- } else {
- return ast_careful_fwrite(s->session->f, s->session->fd, string, strlen(string), s->session->writetimeout);
- }
+ }
+
+ if ((res = ast_careful_fwrite(f, fd, string, strlen(string), s->session->writetimeout))) {
+ s->write_error = 1;
+ }
+
+ return res;
}
/*!
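Review bot: The assignment `s->write_error = 1;` is a sticky latch that nothing in the visible hunks clears, and the reason for having it alongside the return value is not documented. The welcome-prompt call to astman_append() in the session loop hunk does not check a result, so the flag appears to be the only way a failed write reaches the loop. A comment above the assignment would make that contract explicit, for example `/* Latch the failure; callers that ignore our return value rely on the session loop testing write_error. */`. The function's doc comment starts outside this hunk, so a matching line there would need to be added separately.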
@@ -4671,7 +4678,7 @@
ao2_unlock(session);
astman_append(&s, "Asterisk Call Manager/%s\r\n", AMI_VERSION); /* welcome prompt */
for (;;) {
- if ((res = do_message(&s)) < 0) {
+ if ((res = do_message(&s)) < 0 || s.write_error) {
break;
}
}
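Review bot: In the new condition `do_message(&s)` is evaluated before `s.write_error`, so a session whose welcome-prompt write on the preceding line already failed still enters do_message() once before the flag is examined. If do_message() waits for client input (its body is not shown here), a peer that stops reading can still hold the session thread for that wait, which is the resource the AST-2011-003 fix is meant to protect. Testing the flag first, `if (s.write_error || (res = do_message(&s)) < 0) {`, catches both the prompt failure and failures latched during the previous iteration. Check how `res` is used after the loop, since on the early break it would keep its prior value.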
Modified: tags/1.8.3.2/main/tcptls.c
URL: http://svnview.digium.com/svn/asterisk/tags/1.8.3.2/main/tcptls.c?view=diff&rev=311192&r1=311191&r2=311192
==============================================================================
--- tags/1.8.3.2/main/tcptls.c (original)
+++ tags/1.8.3.2/main/tcptls.c Thu Mar 17 11:05:07 2011
@@ -139,8 +139,12 @@
* open a FILE * as appropriate.
*/
if (!tcptls_session->parent->tls_cfg) {
- tcptls_session->f = fdopen(tcptls_session->fd, "w+");
- setvbuf(tcptls_session->f, NULL, _IONBF, 0);
+ if ((tcptls_session->f = fdopen(tcptls_session->fd, "w+"))) {
+ if(setvbuf(tcptls_session->f, NULL, _IONBF, 0)) {
+ fclose(tcptls_session->f);
+ tcptls_session->f = NULL;
+ }
+ }
}
#ifdef DO_SSL
else if ( (tcptls_session->ssl = SSL_new(tcptls_session->parent->tls_cfg->ssl_ctx)) ) {
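Review bot: In the setvbuf() failure branch, `fclose(tcptls_session->f)` also closes the underlying descriptor, but `tcptls_session->fd` keeps the old number. If the error handling after this block (outside the hunk) calls `close(tcptls_session->fd)` when `f` is NULL, the descriptor is closed twice, and in a threaded server the second close can hit a descriptor another connection has just been given. Adding `tcptls_session->fd = -1;` next to `tcptls_session->f = NULL;` avoids that, provided the later cleanup tolerates -1. Separately, `if(setvbuf` is missing the space after `if` that the surrounding lines use.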