[test-results] [Bamboo] Asterisk Testing > Asterisk Trunk > #84 has FAILED. Change made by Matthew Jordan.
Bamboo
bamboo at asterisk.org
Thu Mar 15 22:44:44 CDT 2012
-----------------------------------------------------------------------
Asterisk Testing > Asterisk Trunk > #84 failed.
-----------------------------------------------------------------------
Code has been updated by Matthew Jordan.
No failed tests found, a possible compilation error.
http://bamboo.asterisk.org/browse/TESTING-ASTERISKTRUNK-84/
--------------
Failing Jobs
--------------
- Asterisk CentOS 6 64-Bit (CentOS 6): No tests found.
--------------
Code Changes
--------------
Matthew Jordan (359708):
>Fix remotely exploitable stack overflow in HTTP manager
>
>There exists a remotely exploitable stack buffer overflow in HTTP digest
>authentication handling in Asterisk. The particular method in question
>is only utilized by HTTP AMI. When parsing the digest information, the
>length of the string is not checked when it is copied into temporary buffers
>allocated on the stack.
>
>This patch fixes this behavior by parsing out pre-defined key/value pairs
>and avoiding unnecessary copies to the stack.
>
>(closes issue ASTERISK-19542)
>Reported by: Russell Bryant
>Tested by: Matt Jordan
>........
>
>Merged revisions 359706 from http://svn.asterisk.org/svn/asterisk/branches/1.8
>........
>
>Merged revisions 359707 from http://svn.asterisk.org/svn/asterisk/branches/10
>
--
This message is automatically generated by Atlassian Bamboo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/test-results/attachments/20120315/5b456c02/attachment.htm>
More information about the Test-results
mailing list