[asterisk-dev] Re: Help with 240 samples on frames read from chan_iax

Steven Critchfield critch at basesys.com
Mon Nov 6 14:52:43 MST 2006


On Mon, 2006-11-06 at 14:43 -0600, Tilghman Lesher wrote:
> On Monday 06 November 2006 12:36, Dan Austin wrote:
> > 'Fixing' app_conference is a worthy endeavour, but convincing
> > chan_iax to honor framing limits on both the send and receive
> > legs of a channel would be a big win.  Even better would be
> > the addition of an IE to convey the desired framing/payload would
> > allow Asterisk and endpoints to 'negotiate' symmetric packetization.
> > Chan_skinny has that feature, and it greatly reduces the amount
> > of effort to make sure all devices are using identical values
> > for framing.
> 
> But it still is an issue.  If a malicious attacker finds that you crash
> when a 50ms frame is submitted to your system, then you might be
> crashing all day.  Sending someone a packet larger than they are
> expecting should never cause their system to crash.  If it does, that's
> a bug on the receiving system.

I don't have a dog in this argument, but I think you (Tilghman) jumped a
little far here. Nothing was said about limiting the receiver from doing
bounds checking, but rather negotiating valid limits and then sticking
to sending them. You still wouldn't trust the sender with your system,
but you at least have agreed under normal circumstances to work in a
better way. 
-- 
Steven Critchfield <critch at basesys.com>
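
The two positions in this thread fit together in one receive path, sketched here as an added example that is not part of the original messages and is not Asterisk code: the bounds check is against the buffer's own capacity, while the negotiated framing is only something to monitor. The names (`rx_frame`, `rx_state`), the 8 kHz sample rate, the 160-sample negotiated value and the 320-sample capacity are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed values, not from Asterisk: 8 kHz signed-linear audio, so
 * 160 samples = 20 ms, 240 = 30 ms, 400 = 50 ms. */
#define RX_CAPACITY 320            /* hard size of the receive buffer */

enum rx_result { RX_OK, RX_OFF_NEGOTIATED, RX_REJECTED };

struct rx_state {
    size_t   negotiated;           /* samples per frame agreed with the peer */
    int16_t  buf[RX_CAPACITY];
    size_t   len;                  /* samples currently held in buf */
    unsigned off_negotiated;       /* frames that ignored the agreement */
    unsigned rejected;             /* frames dropped by the bounds check */
};

/* Accept one frame from the network (hypothetical receive hook). */
enum rx_result rx_frame(struct rx_state *st, const int16_t *samples, size_t n)
{
    /* Bounds check against the buffer itself, never against what was
     * negotiated: the peer's promise is not a safety property. */
    if (samples == NULL || n == 0 || n > RX_CAPACITY) {
        st->rejected++;
        return RX_REJECTED;        /* buf and len are left untouched */
    }
    memcpy(st->buf, samples, n * sizeof *samples);
    st->len = n;
    if (n != st->negotiated) {     /* safe, but the peer broke the agreement */
        st->off_negotiated++;
        return RX_OFF_NEGOTIATED;
    }
    return RX_OK;
}

int main(void)
{
    static const int16_t in[400];  /* constructed input: silence */
    struct rx_state st = { .negotiated = 160 };
    const size_t sizes[] = { 160, 240, 400 };
    for (size_t i = 0; i < 3; i++)
        printf("%zu samples -> %d\n", sizes[i], rx_frame(&st, in, sizes[i]));
    return 0;
}
```

The `off_negotiated` and `rejected` counters give an operator something to alert on when a peer repeatedly sends frames outside the agreed size.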


