[asterisk-dev] Is this a new bug in libpri?
Hans Petter Selasky
hselasky at c2i.net
Fri Feb 10 10:31:10 MST 2006
On Friday 10 February 2006 16:39, Ricardo Monteiro wrote:
> Hi,
>
>
>
> I have found a behavior that I think it is originated by a
> bug. I'm working with asterisk and libpri 1.2.0.
>
Here is another bug at the same time:
What happens if libpri receives a too short message, like a ZIF, (Zero length
I-frame). I think it will dead crash, and maybe a stack attack is possible.
Please always use memory access wrappers when decoding packages from external
networks, like below, like get_1() and get_multi_1():
http://www.turbocat.net/~hselasky/isdn4bsd/sources/src/sys/i4b/dss1/dss1_l3decoder.h
--HPS
More information about the asterisk-dev
mailing list