[test-results] [Bamboo] No agents to build plan Asterisk - 1.4 - Ubuntu Lucid (10.04) - amd64
Bamboo
bamboo at asterisk.org
Thu Mar 15 13:21:04 CDT 2012
-------------------------------------------------------------------------------
AST14-LUCID-AMD64-338 has been queued, but there's no agent capable of building it.
-------------------------------------------------------------------------------
http://bamboo.asterisk.org/browse/AST14-LUCID-AMD64/log
--------------
Code Changes
--------------
mjordan (359615):
>Fix remotely exploitable stack overrun in Milliwatt
>
>Milliwatt is vulnerable to a remotely exploitable stack overrun when using
>the 'o' option. This occurs due to the milliwatt_generate function not
>accounting for AST_FRIENDLY_OFFSET when calculating the maximum number of
>samples it can put in the output buffer. For channels using a format with
>a sample rate less than 32kHz, the buffer overrun should not be possible as
>the buffer allocated is sufficient to hold the data, even with no bounds
>checking. For formats with a sample rate greater then 32kHz however, the
>fixed length buffer will be overrun.
>
>This patch resolves this issue by taking into account AST_FRIENDLY_OFFSET
>when determining the maximum number of samples allowed. Note that at no
>point is remote code execution possible. The data that is written into the
>buffer is the pre-defined Milliwatt data, and not custom data.
>
>(issue ASTERISK-19541)
>Reported by: Russell Bryant
>Tested by: Matt Jordan
>Patches:
> milliwatt_stack_overrun.rev1.txt by Russell Bryant (license 6283)
> Note that this patch was written by Russell, even though Matt uploaded it
>
>
--
This message is automatically generated by Atlassian Bamboo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/test-results/attachments/20120315/1d0799cd/attachment.htm>
More information about the Test-results
mailing list