[asterisk-dev] UDPTL crash anyone?
Steve Underwood
steveu at coppice.org
Fri Dec 12 21:33:10 CST 2008
Atis Lezdins wrote:
> Hello,
>
> There's a crash in udptl.c and from my limited knowledge it could be
> security vulnerability, thay's why it's been set as private in
> bugtracker.
>
> Can anybody with knowledge of udptl.c take a look at it and
> confirm/reject exploit options? It's been hanging around for 2 months
> already.
>
> Regards,
> Atis
>
>
I wonder how similar that code is to when I donated it to Asterisk? I
seem to remember we cleaned up one or two crash issues when we put the
same basic code into Callweaver, but its along time ago, and I can't
remember the details. You could try comparing the udptl.c file in
Callweaver 1.2.0.1 with the current Asterisk code. Apart from the
obvious changes of "ast_" to "cw_" you might find its still similar
enough to easily spot some relevant differences.
Regards,
Steve
More information about the asterisk-dev
mailing list