[asterisk-dev] [Code Review] 4182: core: avoid rasterisk crash due to long identifier

Scott Griepentrog reviewboard at asterisk.org
Fri Nov 14 17:03:14 CST 2014



> On Nov. 14, 2014, 4:08 p.m., Corey Farrell wrote:
> > /branches/13/main/asterisk.c, line 3203
> > <https://reviewboard.asterisk.org/r/4182/diff/2/?file=68987#file68987line3203>
> >
> >     Does this actually initialize 256 bytes of '\0', or just initialize the first byte?

Initializing a char array with "" or { 0 } sets the entire array to zero, whereas the values are undefined otherwise.


> On Nov. 14, 2014, 4:08 p.m., Corey Farrell wrote:
> > /branches/13/main/asterisk.c, lines 3220-3222
> > <https://reviewboard.asterisk.org/r/4182/diff/2/?file=68987#file68987line3220>
> >
> >     Space around '-'.
> >     
> >     Also why was the return removed?

I have absolutely no idea how that happened other than the vim ghost.


- Scott


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/4182/#review13777
-----------------------------------------------------------


On Nov. 14, 2014, 5:03 p.m., Scott Griepentrog wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/4182/
> -----------------------------------------------------------
> 
> (Updated Nov. 14, 2014, 5:03 p.m.)
> 
> 
> Review request for Asterisk Developers.
> 
> 
> Repository: Asterisk
> 
> 
> Description
> -------
> 
> When connecting to the remote console, an identifier string is first provided that consists of hostname/pid/version.  This is parsed by the remote instance in a buffer allocated to only 80 bytes.  It is possible for a combination of a very long hostname and a very long Asterisk version number to be greater than 80 characters, causing the parsing to fall off the end of the allocated memory buffer and potentially crash.
> 
> This change increases the buffer from 80 to 256 to significantly reduce that possibility.
> 
> 
> Diffs
> -----
> 
>   /branches/13/main/asterisk.c 427948 
> 
> Diff: https://reviewboard.asterisk.org/r/4182/diff/
> 
> 
> Testing
> -------
> 
> It stopped crashing on a repeated test I was running where the atoi of the version # happened to hit the end of the buffer.
> 
> 
> Thanks,
> 
> Scott Griepentrog
> 
>
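
An added example, not the Asterisk code or the patch under review: a bounded parser for the hostname/pid/version identifier described above, which rejects input that would not fit and terminates the buffer before parsing, so the result does not depend on the buffer size chosen. The names `parse_ident`, `struct remote_ident` and `IDENT_BUF` are hypothetical, and the sample identifier is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define IDENT_BUF 80 /* the buffer size the description says was too small */

struct remote_ident {          /* hypothetical holder for the parsed fields */
    char hostname[IDENT_BUF];
    long pid;
    char version[IDENT_BUF];
};

/* Parse "hostname/pid/version" from raw bytes that carry no terminator.
 * Returns 0 on success, -1 when the input is oversized or malformed. */
int parse_ident(const char *raw, size_t raw_len, struct remote_ident *out)
{
    char buf[IDENT_BUF] = "";  /* zeroes all 80 bytes, not just the first */
    char *pid_s, *ver_s, *end;

    if (raw_len >= sizeof(buf))    /* no room left for the terminator */
        return -1;                 /* reject instead of parsing a truncated id */
    memcpy(buf, raw, raw_len);
    buf[raw_len] = '\0';           /* parsing below can never leave buf */

    if (!(pid_s = strchr(buf, '/')))
        return -1;
    *pid_s++ = '\0';
    if (!(ver_s = strchr(pid_s, '/')))
        return -1;
    *ver_s++ = '\0';

    out->pid = strtol(pid_s, &end, 10);   /* unlike atoi, reports bad digits */
    if (end == pid_s || *end != '\0' || out->pid <= 0)
        return -1;
    /* Both pieces are substrings of buf, so they fit the same-sized fields. */
    strcpy(out->hostname, buf);
    strcpy(out->version, ver_s);
    return 0;
}

int main(void)
{
    const char sample[] = "pbx01/4242/13.0.0";   /* constructed sample */
    struct remote_ident id;

    if (parse_ident(sample, strlen(sample), &id) == 0)
        printf("%s pid=%ld version=%s\n", id.hostname, id.pid, id.version);
    return 0;
}
```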
