[test-results] [Bamboo] Asterisk Testing > Asterisk 10 Branch > #56 was SUCCESSFUL (with 204 tests). Change made by Matthew Jordan.
Bamboo
bamboo at asterisk.org
Thu Mar 15 22:40:09 CDT 2012
-----------------------------------------------------------------------
Asterisk Testing > Asterisk 10 Branch > #56 was successful.
-----------------------------------------------------------------------
Code has been updated by Matthew Jordan.
204 tests in total.
http://bamboo.asterisk.org/browse/TESTING-ASTERISK10BRANCH-56/
--------------
Code Changes
--------------
Matthew Jordan (359707):
>Fix remotely exploitable stack overflow in HTTP manager
>
>There exists a remotely exploitable stack buffer overflow in HTTP digest
>authentication handling in Asterisk. The particular method in question
>is only utilized by HTTP AMI. When parsing the digest information, the
>length of the string is not checked when it is copied into temporary buffers
>allocated on the stack.
>
>This patch fixes this behavior by parsing out pre-defined key/value pairs
>and avoiding unnecessary copies to the stack.
>
>(closes issue ASTERISK-19542)
>Reported by: Russell Bryant
>Tested by: Matt Jordan
>........
>
>Merged revisions 359706 from http://svn.asterisk.org/svn/asterisk/branches/1.8
>
--------------
Tests
--------------
Fixed Tests (1)
- AsteriskTestSuite: S/apps/confbridge/confbridge nominal
--
This message is automatically generated by Atlassian Bamboo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/test-results/attachments/20120315/56e37a36/attachment-0001.htm>
More information about the Test-results
mailing list