[test-results] [Bamboo] Asterisk Testing > Asterisk 10 Branch > #534 has FAILED (1 tests failed). Change made by Matthew Jordan.

Bamboo bamboo at asterisk.org
Wed Mar 27 15:35:56 CDT 2013 

-----------------------------------------------------------------------
Asterisk Testing > Asterisk 10 Branch > #534 failed.
-----------------------------------------------------------------------
Code has been updated by Matthew Jordan.
1/2 jobs failed, with 1 failing test.

http://bamboo.asterisk.org/browse/TESTING-ASTERISK10BRANCH-534/


--------------
Failing Jobs
--------------
  - Asterisk CentOS 6 32-Bit (CentOS 6): 1 of 248 tests failed.



--------------
Code Changes
--------------
Matthew Jordan (383977):

>AST-2013-002: Prevent denial of service in HTTP server
>
>AST-2012-014, fixed in January of this year, contained a fix for Asterisk's
>HTTP server for a remotely-triggered crash. While the fix put in place fixed
>the possibility for the crash to be triggered, a denial of service vector still
>exists with that solution if an attacker sends one or more HTTP POST requests
>with very large Content-Length values. This patch resolves this by capping
>the Content-Length at 1024 bytes. Any attempt to send an HTTP POST with
>Content-Length greater than this cap will not result in any memory allocation.
>The POST will be responded to with an HTTP 413 "Request Entity Too Large"
>response.
>
>This issue was reported by Christoph Hebeisen of TELUS Security Labs
>
>(closes issue ASTERISK-20967)
>Reported by: Christoph Hebeisen
>patches:
>  AST-2013-002-1.8.diff uploaded by mmichelson (License 5049)
>  AST-2013-002-10.diff uploaded by mmichelson (License 5049)
>  AST-2013-002-11.diff uploaded by mmichelson (License 5049)
>



--------------
Tests
--------------
New Test Failures (1)
   - AsteriskTestSuite: S/channels/ s i p/session timers/uas originate/large minse no se

--
This message is automatically generated by Atlassian Bamboo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/test-results/attachments/20130327/da465212/attachment.htm>

More information about the Test-results mailing list