<div>
<style type="text/css">
td a, td a:link, td a:visited, td a:hover, td a:active {background:transparent;font-family: Arial, sans-serif;text-decoration:underline;}
td a:link {color:#369;}
td a:visited {color:#444;}
td a:hover, td a:active {color:#036;}
td a:hover {text-decoration:none;}
</style>
<font size="2" color="black" face="Arial, Helvetica, sans-serif" style="font-family: Arial, sans-serif;font-size: 13px;color:#000">
<table align="center" border="0" cellpadding="5" cellspacing="0" width="98%">
<tr>
<td style="vertical-align:top">
<table width="100%" border="0" cellpadding="0" cellspacing="0" style="background-color:#f2f2f2;border-top:1px solid #d9d9d9;border-bottom:1px solid #d9d9d9;color:#000;">
<tr>
<td width="100%" style="font-family: Arial, sans-serif; font-size: 13px; color:#000;padding:5px 10px">
<a href="http://bamboo.asterisk.org/browse/AST162-LUCID-AMD64/log" style="font-family: Arial, sans-serif; font-size: 15px; font-weight:bold; color:#000">AST162-LUCID-AMD64-426</a>
<span style="font-family: Arial, sans-serif; font-size: 14px;"> has been queued, but there's no agent capable of building it.</span>
</td>
</tr>
</table>
<br>
<table width="100%" border="0" cellpadding="0" cellspacing="0" style="background-color:#ecf1f7;border-top:1px solid #bbd0e5;border-bottom:1px solid #bbd0e5;color:#036;">
<tr>
<td width="60%" style="font-family: Arial, sans-serif;text-align:left;font-size:16px;font-weight:bold;color:#036;padding:5px 10px">
<a href="http://bamboo.asterisk.org/browse/AST162-LUCID-AMD64/log" style="text-decoration: none; font-family: Arial, sans-serif;text-align:left;font-size:16px;font-weight:bold;color:#036" >Code Changes</a>
</td>
<td width="40%" style="font-family: Arial, sans-serif;text-align:right;font-size:13px;color:#036;padding:5px 10px">
</td>
</tr>
</table>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td width="20" style="vertical-align:top;padding:10px 0 0px 10px">
<img src="http://bamboo.asterisk.org/images/icons/businessman.gif" width="15" height="15">
</td>
<td width="100%" style="font-family: Arial, sans-serif; font-size: 13px; color:#000;vertical-align:top;padding:10px 10px 0px 10px">
<a href="http://bamboo.asterisk.org/browse/author/mjordan" style="font-family: Arial, sans-serif; font-size: 13px; font-weight:bold; color:#000">
mjordan</a><br>
Fix remotely exploitable stack overrun in Milliwatt<br/>
<br/>
Milliwatt is vulnerable to a remotely exploitable stack overrun when using<br/>
the 'o' option. This occurs due to the milliwatt_generate function not<br/>
accounting for AST_FRIENDLY_OFFSET when calculating the maximum number of<br/>
samples it can put in the output buffer. For channels using a format with <br/>
a sample rate less than 32kHz, the buffer overrun should not be possible as<br/>
the buffer allocated is sufficient to hold the data, even with no bounds<br/>
checking. For formats with a sample rate greater then 32kHz however, the<br/>
fixed length buffer will be overrun.<br/>
<br/>
This patch resolves this issue by taking into account AST_FRIENDLY_OFFSET<br/>
when determining the maximum number of samples allowed. Note that at no<br/>
point is remote code execution possible. The data that is written into the<br/>
buffer is the pre-defined Milliwatt data, and not custom data.<br/>
<br/>
(closes issue ASTERISK-19541)<br/>
Reported by: Russell Bryant<br/>
Tested by: Matt Jordan<br/>
Patches:<br/>
milliwatt_stack_overrun.rev1.txt by Russell Bryant (license 6283)<br/>
Note that this patch was written by Russell, even though Matt uploaded it<br/>
</td>
<td width="60" style="font-family: Arial, sans-serif; font-size: 13px; ;color:#036;vertical-align:top;padding:10px 10px 0px 10px">
(359645)
</td></tr>
</table><br>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td colspan="2" align="center" style="font-family: Arial, sans-serif;text-align:center;font-size:11px;font-weight:bold;color:#999;vertical-align:top;padding:20px">
Email generated by <a href="http://bamboo.asterisk.org" style="font-family: Arial, sans-serif; font-size: 11px; color:#999">Atlassian Bamboo</a> - if you wish to stop receiving these emails edit your <a href="http://bamboo.asterisk.org/profile/userNotifications.action" style="font-family: Arial, sans-serif; font-size: 11px; color:#999">user profile</a> or <a href="http://bamboo.asterisk.org/viewAdministrators.action" style="font-family: Arial, sans-serif; font-size: 11px; color:#999">notify your administrator</a>
</td>
</tr>
</table>
</td>
<td width="150" style="vertical-align:top">
<table width="150" border="0" cellpadding="0" cellspacing="0" style="background-color:#ecf1f7;border-top:1px solid #bbd0e5;border-bottom:1px solid #bbd0e5;color:#036;">
<tr>
<td style="font-family: Arial, sans-serif;text-align:left;font-size:16px;font-weight:bold;color:#036;vertical-align:top;padding:5px 10px">
Actions
</td>
</tr>
</table>
<table width="150" border="0" cellpadding="0" cellspacing="0" style="background-color:#f5f9fc;border-bottom:1px solid #bbd0e5;">
<tr>
<td style="font-family: Ariel, sans-serif; font-size: 13px; color:#036;vertical-align:top;padding:5px 10px;line-height:1.7">
<a href="http://bamboo.asterisk.org/browse/AST162-LUCID-AMD64/log" style="font-family: Arial, sans-serif; font-size: 13px; color:#036">View Online</a>
<br>
<a href="http://bamboo.asterisk.org/build/admin/stopPlan.action?planKey=AST162-LUCID-AMD64" style="font-family: Arial, sans-serif; font-size: 13px; color:#036">Stop Build</a>
<br>
</td>
</tr>
</table>
</td>
<tr>
</table>
</font>
</div>