[asterisk-commits] mjordan: trunk r404844 - in /trunk: ./ res/ tests/

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Fri Jan 3 15:13:33 CST 2014 

Author: mjordan
Date: Fri Jan  3 15:13:30 2014
New Revision: 404844

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=404844
Log:
res_pjsip_authenticator_digest: Fix md5 hash buffer

An md5 hash is 32 bytes long. The char buffer must be at least 33 bytes to
avoid clobbering of the stack. This patch also fixes a potential clobbering
in test_utils.c.

Thanks to Andrew Nagy for reporting and testing this out in #asterisk-dev

Reported by: Andrew Nagy
Tested by: Andrew Nagy
........

Merged revisions 404843 from http://svn.asterisk.org/svn/asterisk/branches/12

Modified:
    trunk/   (props changed)
    trunk/res/res_pjsip_authenticator_digest.c
    trunk/tests/test_utils.c

Propchange: trunk/
------------------------------------------------------------------------------
--- branch-12-merged (original)
+++ branch-12-merged Fri Jan  3 15:13:30 2014
@@ -1,1 +1,1 @@
-/branches/12:1-398558,398560-398577,398579-399305,399307-401390,401392-403290,403292-403778,403781-404568,404581,404592,404605,404613,404652,404663,404676,404725,404737,404764,404781,404786
+/branches/12:1-398558,398560-398577,398579-399305,399307-401390,401392-403290,403292-403778,403781-404568,404581,404592,404605,404613,404652,404663,404676,404725,404737,404764,404781,404786,404843

Modified: trunk/res/res_pjsip_authenticator_digest.c
URL: http://svnview.digium.com/svn/asterisk/trunk/res/res_pjsip_authenticator_digest.c?view=diff&rev=404844&r1=404843&r2=404844
==============================================================================
--- trunk/res/res_pjsip_authenticator_digest.c (original)
+++ trunk/res/res_pjsip_authenticator_digest.c Fri Jan  3 15:13:30 2014
@@ -200,7 +200,7 @@
 {
 	struct ast_str *str = ast_str_alloca(256);
 	RAII_VAR(char *, eid, ao2_global_obj_ref(entity_id), ao2_cleanup);
-	char hash[32];
+	char hash[33];
 
 	ast_str_append(&str, 0, "%s", timestamp);
 	ast_str_append(&str, 0, ":%s", rdata->pkt_info.src_name);

Modified: trunk/tests/test_utils.c
URL: http://svnview.digium.com/svn/asterisk/trunk/tests/test_utils.c?view=diff&rev=404844&r1=404843&r2=404844
==============================================================================
--- trunk/tests/test_utils.c (original)
+++ trunk/tests/test_utils.c Fri Jan  3 15:13:30 2014
@@ -202,7 +202,7 @@
 	ast_test_status_update(test, "Testing MD5 ...\n");
 
 	for (i = 0; i < ARRAY_LEN(tests); i++) {
-		char md5_hash[32];
+		char md5_hash[33];
 		ast_md5_hash(md5_hash, tests[i].input);
 		if (strcasecmp(md5_hash, tests[i].expected_output)) {
 			ast_test_status_update(test,

More information about the asterisk-commits mailing list