mirror of
https://github.com/asterisk/asterisk.git
synced 2025-10-27 06:31:54 +00:00
b3b33b0226
........ r363102 | mjordan | 2012-04-23 08:37:55 -0500 (Mon, 23 Apr 2012) | 16 lines AST-2012-005: Fix remotely exploitable heap overflow in keypad button handling When handling a keypad button message event, the received digit is placed into a fixed length buffer that acts as a queue. When a new message event is received, the length of that buffer is not checked before placing the new digit on the end of the queue. The situation exists where sufficient keypad button message events would occur that would cause the buffer to be overrun. This patch explicitly checks that there is sufficient room in the buffer before appending a new digit. (closes issue ASTERISK-19592) Reported by: Russell Bryant ........ Merged revisions 363100 from http://svn.asterisk.org/svn/asterisk/branches/1.6.2 ........ r363106 | mjordan | 2012-04-23 09:05:02 -0500 (Mon, 23 Apr 2012) | 17 lines AST-2012-006: Fix crash in UPDATE handling when no channel owner exists If Asterisk receives a SIP UPDATE request after a call has been terminated and the channel has been destroyed but before the SIP dialog has been destroyed, a condition exists where a connected line update would be attempted on a non-existing channel. This would cause Asterisk to crash. The patch resolves this by first ensuring that the SIP dialog has an owning channel before attempting a connected line update. If an UPDATE request is received and no channel is associated with the dialog, a 481 response is sent. (closes issue ASTERISK-19770) Reported by: Thomas Arimont Tested by: Matt Jordan Patches: ASTERISK-19278-2012-04-16.diff uploaded by Matt Jordan (license 6283) ........ r363141 | jrose | 2012-04-23 09:33:16 -0500 (Mon, 23 Apr 2012) | 20 lines AST-2012-004: Fix an error that allows AMI users to run shell commands sans authorization. As detailed in the advisory, AMI users without write authorization for SYSTEM class AMI actions were able to run system commands by going through other AMI commands which did not require that authorization. Specifically, GetVar and Status allowed users to do this by setting their variable/s options to the SHELL or EVAL functions. Also, within 1.8, 10, and trunk there was a similar flaw with the Originate action that allowed users with originate permission to run MixMonitor and supply a shell command in the Data argument. That flaw is fixed in those versions of this patch. (closes issue ASTERISK-17465) Reported By: David Woolley Patches: 162_ami_readfunc_security_r2.diff uploaded by jrose (license 6182) 18_ami_readfunc_security_r2.diff uploaded by jrose (license 6182) 10_ami_readfunc_security_r2.diff uploaded by jrose (license 6182) ........ Merged revisions 363117 from http://svn.asterisk.org/svn/asterisk/branches/1.6.2 ........ Merged revisions 363102,363106,363141 from http://svn.asterisk.org/svn/asterisk/branches/1.8 git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8-digiumphones@363161 65c4cc65-6c06-0410-ace0-fbb531ad65f3