<div>
<style type="text/css">
.successful a, .successful a:visited, .successful a:link, .successful a:hover,.successful a:active {color:#393}
.failed a, .failed a:visited, .failed a:link, .failed a:hover,.failed a:active {color:#d62829}
.notexecuted a, .notexecuted a:visited, .notexecuted a:link, .notexecuted a:hover,.notexecuted a:active {color:#ffcc66}
td a, td a:link, td a:visited, td a:hover, td a:active {background:transparent;font-family: Arial, sans-serif;text-decoration:underline;}
td a:link {color:#369;}
td a:visited {color:#444;}
td a:hover, td a:active {color:#036;}
td a:hover {text-decoration:none;}
</style>
<font size="2" color="black" face="Arial, Helvetica, sans-serif" style="font-family: Arial, sans-serif;font-size: 13px;color:#000">
<table align="center" border="0" cellpadding="5" cellspacing="0" width="98%">
<tr>
        <td style="vertical-align:top">
<table width="100%" border="0" cellpadding="0" cellspacing="0" style="background-color:#ffe6e7;border-top:1px solid #eec0c0;border-bottom:1px solid #eec0c0;color:#d62829;">
<tr>
<td width="20" style="vertical-align:top;padding:5px 0 5px 10px">
<img src="http://bamboo.asterisk.org/images/iconsv3/plan_failed_16.png" width="15" height="15">
</td>
<td width="100%" style="font-family: Arial, sans-serif; font-size: 13px; color:#d62829;padding:5px 10px">
<a href="http://bamboo.asterisk.org/browse/TESTING/" style="font-family: Arial, sans-serif; font-size: 15px; font-weight:bold; color:#d62829">Asterisk Testing</a> >
<a href="http://bamboo.asterisk.org/browse/TESTING-ASTERISK10BRANCH/" style="font-family: Arial, sans-serif; font-size: 15px; font-weight:bold; color:#d62829">Asterisk 10 Branch</a> >
<a href="http://bamboo.asterisk.org/browse/TESTING-ASTERISK10BRANCH-55/" style="font-family: Arial, sans-serif; font-size: 15px; font-weight:bold; color:#d62829">#55</a>
<span class="failed" style="font-family: Arial, sans-serif; font-size: 14px;"> has failed.</span>
<span class="failed" style="font-family: Arial, sans-serif; font-size: 13px;">
<br/>Code has been updated by <a href="http://bamboo.asterisk.org/browse/user/mjordan">Matthew Jordan</a>.
<br/><strong>1/204</strong> tests failed.
</span>
</td>
</tr>
</table>
<br>
<table width="100%" border="0" cellpadding="0" cellspacing="0" style="background-color:#ecf1f7;border-top:1px solid #bbd0e5;border-bottom:1px solid #bbd0e5;color:#036;">
<tr>
<td width="60%" style="font-family: Arial, sans-serif;text-align:left;font-size:16px;font-weight:bold;color:#036;padding:5px 10px">
<a href="http://bamboo.asterisk.org/browse/TESTING-ASTERISK10BRANCH-55/" style="text-decoration: none; font-family: Arial, sans-serif;text-align:left;font-size:16px;font-weight:bold;color:#036" >Failing Jobs</a>
</td>
<td width="40%" style="font-family: Arial, sans-serif;text-align:right;font-size:13px;color:#036;padding:5px 10px">
</td>
</tr>
</table>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="20" style="vertical-align:top;padding:11px 0 5px 10px; border-bottom:1px solid #EEEEEE; ">
<img src="http://bamboo.asterisk.org/images/iconsv3/plan_failed_16.png" width="15" height="15">
</td>
<td style="font-family: Arial, sans-serif; font-size: 13px; vertical-align:top;padding:10px 5px 10px 5px; border-bottom:1px solid #EEEEEE;">
<a href="http://bamboo.asterisk.org/browse/TESTING-ASTERISK10BRANCH-AST18CENTOS64-55/" style="color:red;">Asterisk CentOS 6 64-Bit</a>
<span style="color:#444444; font-size:11px; font-style:italic;">(CentOS 6)</span>
</td>
<td width="120" style="font-family: Arial, sans-serif; font-size: 13px; vertical-align:top;padding:10px 5px 10px 5px; border-bottom:1px solid #EEEEEE;color:#444444; font-size:11px">
<b>Duration:</b> 73 minutes
</td>
<td width="130" style="font-family: Arial, sans-serif; font-size: 13px; vertical-align:top;padding:10px 5px 10px 5px; border-bottom:1px solid #EEEEEE;color:#444444; font-size:11px">
<b>Tests:</b> 1 of 204 failed
</td>
<td width="80" style="font-family: Arial, sans-serif; font-size: 13px; vertical-align:top;padding:10px 5px 10px 5px; border-bottom:1px solid #EEEEEE;font-size:11px">
<a href="http://bamboo.asterisk.org/browse/TESTING-ASTERISK10BRANCH-AST18CENTOS64-55/log">Logs</a> | <a href="http://bamboo.asterisk.org/browse/TESTING-ASTERISK10BRANCH-AST18CENTOS64-55/artifact">Artifacts</a>
</td>
</tr>
</table>
<br/>
<table width="100%" border="0" cellpadding="0" cellspacing="0" style="background-color:#ecf1f7;border-top:1px solid #bbd0e5;border-bottom:1px solid #bbd0e5;color:#036;">
<tr>
<td width="60%" style="font-family: Arial, sans-serif;text-align:left;font-size:16px;font-weight:bold;color:#036;padding:5px 10px">
<a href="http://bamboo.asterisk.org/browse/TESTING-ASTERISK10BRANCH-55/commit/" style="text-decoration: none; font-family: Arial, sans-serif;text-align:left;font-size:16px;font-weight:bold;color:#036" >Code Changes</a>
</td>
<td width="40%" style="font-family: Arial, sans-serif;text-align:right;font-size:13px;color:#036;padding:5px 10px">
<a href="http://bamboo.asterisk.org/browse/TESTING-ASTERISK10BRANCH-55/commit/" style="font-family: Arial, sans-serif; font-size: 13px; color:#036">See full change details</a><img src="http://bamboo.asterisk.org/images/icons/more.gif" width="15" height="15" style="vertical-align:middle;padding:2px">
</td>
</tr>
</table>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td width="20" style="vertical-align:top;padding:10px 0 0px 10px">
<img src="http://bamboo.asterisk.org/images/icons/businessman.gif" width="15" height="15">
</td>
<td width="100%" style="font-family: Arial, sans-serif; font-size: 13px; color:#000;vertical-align:top;padding:10px 10px 0px 10px">
<a href="http://bamboo.asterisk.org/browse/user/mjordan" style="font-family: Arial, sans-serif; font-size: 13px; font-weight:bold; color:#000">
Matthew Jordan</a><br>
Fix remotely exploitable stack overrun in Milliwatt<br/>
<br/>
Milliwatt is vulnerable to a remotely exploitable stack overrun when using<br/>
the 'o' option. This occurs due to the milliwatt_generate function not<br/>
accounting for AST_FRIENDLY_OFFSET when calculating the maximum number of<br/>
samples it can put in the output buffer. For channels using a format with <br/>
a sample rate less than 32kHz, the buffer overrun should not be possible as<br/>
the buffer allocated is sufficient to hold the data, even with no bounds<br/>
checking. For formats with a sample rate greater than 32kHz however, the<br/>
fixed length buffer will be overrun.<br/>
<br/>
This patch resolves this issue by taking into account AST_FRIENDLY_OFFSET<br/>
when determining the maximum number of samples allowed. Note that at no<br/>
point is remote code execution possible. The data that is written into the<br/>
buffer is the pre-defined Milliwatt data, and not custom data.<br/>
<br/>
(closes issue ASTERISK-19541)<br/>
Reported by: Russell Bryant<br/>
Tested by: Matt Jordan<br/>
Patches:<br/>
milliwatt_stack_overrun.rev1.txt by Russell Bryant (license 6283)<br/>
Note that this patch was written by Russell, even though Matt uploaded it<br/>
........<br/>
<br/>
Merged revisions 359645 from <a href="http://svn.asterisk.org/svn/asterisk/branches/1.6.2">http://svn.asterisk.org/svn/asterisk/branches/1.6.2</a><br/>
........<br/>
<br/>
Merged revisions 359656 from <a href="http://svn.asterisk.org/svn/asterisk/branches/1.8">http://svn.asterisk.org/svn/asterisk/branches/1.8</a><br/>
</td>
<td width="60" style="font-family: Arial, sans-serif; font-size: 13px; ;color:#036;vertical-align:top;padding:10px 10px 0px 10px">
(359694)
</td></tr>
</table><br>
<table width="100%" border="0" cellpadding="0" cellspacing="0" style="background-color:#ecf1f7;border-top:1px solid #bbd0e5;border-bottom:1px solid #bbd0e5;color:#036;">
<tr>
<td width="60%" style="font-family: Arial, sans-serif;text-align:left;font-size:16px;font-weight:bold;color:#036;vertical-align:top;padding:5px 10px">
<a href="http://bamboo.asterisk.org/browse/TESTING-ASTERISK10BRANCH-55/test" style="text-decoration: none; font-family: Arial, sans-serif;text-align:left;font-size:16px;font-weight:bold;color:#036" >Tests</a>
</td>
<td width="40%" style="font-family: Arial, sans-serif;text-align:right;font-size:13px;color:#036;padding:5px 10px">
<a href="http://bamboo.asterisk.org/browse/TESTING-ASTERISK10BRANCH-55/test" style="font-family: Arial, sans-serif; font-size: 13px;color:#036">See full test details</a><img src="http://bamboo.asterisk.org/images/icons/more.gif" width="15" height="15" style="vertical-align:middle;padding:2px">
</td>
</tr>
</table>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td colspan="2" width="100%" style="font-family: Arial, sans-serif; font-size: 13px; font-weight:bold; color:#000;vertical-align:top;padding:10px 0 0 10px">
New Test Failures (1)
</td>
</tr>
<tr>
<td width="20" style="vertical-align:top;padding:5px 0 5px 10px">
<img src="http://bamboo.asterisk.org/images/iconsv3/plan_failed_16.png" width="15" height="15">
</td>
<td width="100%" style="font-family: Arial, sans-serif; font-size: 13px; color:#000;vertical-align:top;padding:5px 10px">
AsteriskTestSuite :
<a href="http://bamboo.asterisk.org/browse/TESTING-ASTERISK10BRANCH-AST18CENTOS64-55/test/case/16778224" style="font-family: Arial, sans-serif; font-size: 13px;color:#000">S/apps/confbridge/confbridge nominal</a>
<a href="http://bamboo.asterisk.org/browse/TESTING-ASTERISK10BRANCH-AST18CENTOS64-55/test" style="font-family: Arial, sans-serif; font-size: 13px;color:#999">(Asterisk CentOS 6 64-Bit)</a>
</td>
</tr> </table><br>
</td>
</tr>
<tr>
<td>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td colspan="2" align="center" style="font-family: Arial, sans-serif;text-align:center;font-size:11px;font-weight:bold;color:#999;vertical-align:top;padding:20px">
Email generated by <a href="http://bamboo.asterisk.org" style="font-family: Arial, sans-serif; font-size: 11px; color:#999">Atlassian Bamboo</a>
</td>
</tr>
</table>
</td>
</tr>
</table>
</font>
</div>