[test-results] [Bamboo] Asterisk Testing > Asterisk Trunk > #1133 has FAILED (3 tests failed, 2 failures were new). Change made by Matthew Jordan.

Bamboo bamboo at asterisk.org
Wed Mar 27 19:44:17 CDT 2013 

-----------------------------------------------------------------------
Asterisk Testing > Asterisk Trunk > #1133 failed.
-----------------------------------------------------------------------
Code has been updated by Matthew Jordan.
1/2 jobs failed, with 3 failing tests, 2 failures were new.

http://bamboo.asterisk.org/browse/TESTING-ASTERISKTRUNK-1133/


--------------
Failing Jobs
--------------
  - Asterisk CentOS 6 32-Bit (CentOS 6): 3 of 466 tests failed.



--------------
Code Changes
--------------
Matthew Jordan (383980):

>AST-2013-002: Prevent denial of service in HTTP server
>
>AST-2012-014, fixed in January of this year, contained a fix for Asterisk's
>HTTP server for a remotely-triggered crash. While the fix put in place fixed
>the possibility for the crash to be triggered, a denial of service vector still
>exists with that solution if an attacker sends one or more HTTP POST requests
>with very large Content-Length values. This patch resolves this by capping
>the Content-Length at 1024 bytes. Any attempt to send an HTTP POST with
>Content-Length greater than this cap will not result in any memory allocation.
>The POST will be responded to with an HTTP 413 "Request Entity Too Large"
>response.
>
>This issue was reported by Christoph Hebeisen of TELUS Security Labs
>
>(closes issue ASTERISK-20967)
>Reported by: Christoph Hebeisen
>patches:
>  AST-2013-002-1.8.diff uploaded by mmichelson (License 5049)
>  AST-2013-002-10.diff uploaded by mmichelson (License 5049)
>  AST-2013-002-11.diff uploaded by mmichelson (License 5049)
>........
>
>Merged revisions 383978 from http://svn.asterisk.org/svn/asterisk/branches/11
>



--------------
Tests
--------------
New Test Failures (2)
   - AsteriskTestSuite: S/apps/control playback/control restart
   - AsteriskTestSuite: S/apps/control playback/control reverse
Existing Test Failures (1)
   - AsteriskTestSuite: S/apps/control playback/control forward
Fixed Tests (2)
   - AsteriskTestSuite: S/apps/control playback/control stop
   - AsteriskTestSuite: S/bridge/disconnect

--
This message is automatically generated by Atlassian Bamboo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/test-results/attachments/20130327/31257227/attachment-0001.htm>

More information about the Test-results mailing list