[test-results] [Bamboo] No agents to build plan Asterisk - 1.6.2 - Ubuntu Lucid (10.04) - amd64

Bamboo bamboo at asterisk.org
Thu Mar 15 13:33:06 CDT 2012


-------------------------------------------------------------------------------
AST162-LUCID-AMD64-426 has been queued, but there's no agent capable of building it.
-------------------------------------------------------------------------------

http://bamboo.asterisk.org/browse/AST162-LUCID-AMD64/log

--------------
Code Changes
--------------
mjordan (359645):

>Fix remotely exploitable stack overrun in Milliwatt
>
>Milliwatt is vulnerable to a remotely exploitable stack overrun when using
>the 'o' option.  This occurs due to the milliwatt_generate function not
>accounting for AST_FRIENDLY_OFFSET when calculating the maximum number of
>samples it can put in the output buffer.  For channels using a format with 
>a sample rate less than 32kHz, the buffer overrun should not be possible as
>the buffer allocated is sufficient to hold the data, even with no bounds
>checking.  For formats with a sample rate greater then 32kHz however, the
>fixed length buffer will be overrun.
>
>This patch resolves this issue by taking into account AST_FRIENDLY_OFFSET
>when determining the maximum number of samples allowed.  Note that at no
>point is remote code execution possible.  The data that is written into the
>buffer is the pre-defined Milliwatt data, and not custom data.
>
>(closes issue ASTERISK-19541)
>Reported by: Russell Bryant
>Tested by: Matt Jordan
>Patches:
>  milliwatt_stack_overrun.rev1.txt by Russell Bryant (license 6283)
>  Note that this patch was written by Russell, even though Matt uploaded it
>


--
This message is automatically generated by Atlassian Bamboo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/test-results/attachments/20120315/6e39889a/attachment.htm>


More information about the Test-results mailing list