kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-09-29 18:19:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
d236e3d1b1b38a2a900e995db88afd31567a63c6
asterisk/main
History
Mark Michelson d236e3d1b1 Fixing a potential buffer overflow in the manager command ModuleCheck. 
Though this overflow is exploitable remotely, we are NOT issuing a security
advisory for this since in order to exploit the overflow, the attacker would
have to establish an authenticated manager session AND have the system privilege.
By gaining this privilege, the attacker already has more powerful weapons at his
disposal than overflowing a buffer with a malformed manager header, so the vulnerability
in this case really lies with the authentication method that allowed the attacker to 
gain the system privilege in the first place.



git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@108529 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2008-03-13 20:59:00 +00:00
..
db1-ast
clean up assembler and preprocessor files if they are here too
2007-10-29 22:24:44 +00:00
editline
Merged revisions 107352 via svnmerge from
2008-03-11 11:36:51 +00:00
libresample
Add doxygen documentation to libresample.h while it's still fresh on my mind
2008-01-02 21:49:44 +00:00
minimime
more header removal/normalization
2007-11-21 00:23:49 +00:00
stdtime
Merged revisions 103845 via svnmerge from
2008-02-20 18:28:00 +00:00
abstract_jb.c
Doxygen updates
2008-01-22 08:58:46 +00:00
acl.c
Merged revisions 101772 via svnmerge from
2008-02-01 16:01:22 +00:00
adsistub.c
remove a bunch of useless #include "options.h"
2007-11-21 23:09:02 +00:00
aescrypt.c
use the OpenSSL AES implementation if it's available (unless configured not to)
2007-05-24 22:07:50 +00:00
aeskey.c
use the OpenSSL AES implementation if it's available (unless configured not to)
2007-05-24 22:07:50 +00:00
aesopt.h
aestab.c
use the OpenSSL AES implementation if it's available (unless configured not to)
2007-05-24 22:07:50 +00:00
alaw.c
Whitespace changes only
2008-03-04 23:04:29 +00:00
app.c
Create a centralized configuration option for silencethreshold
2008-03-05 16:23:44 +00:00
ast_expr2.c
Terry found this problem with running the expr2 parser on OSX. Make the #defines come out the same between the parser & lexer.
2008-01-16 01:35:10 +00:00
ast_expr2.fl
Merged revisions 97849 via svnmerge from
2008-01-10 20:45:05 +00:00
ast_expr2.h
Terry found this problem with running the expr2 parser on OSX. Make the #defines come out the same between the parser & lexer.
2008-01-16 01:35:10 +00:00
ast_expr2.y
Terry found this problem with running the expr2 parser on OSX. Make the #defines come out the same between the parser & lexer.
2008-01-16 01:35:10 +00:00
ast_expr2f.c
Fix up some doxygen issues.
2008-02-15 17:29:08 +00:00
asterisk.c
Merged revisions 106552 via svnmerge from
2008-03-07 06:54:47 +00:00
astmm.c
Get rid of any remaining ast_verbose calls in the code in favor of
2008-02-05 23:00:15 +00:00
astobj2.c
Whitespace changes only
2008-03-04 23:04:29 +00:00
audiohook.c
Merged revisions 108083 via svnmerge from
2008-03-12 18:29:33 +00:00
autoservice.c
Merged revisions 105565 via svnmerge from
2008-03-03 16:02:19 +00:00
buildinfo.c
callerid.c
Whitespace changes only
2008-03-04 23:04:29 +00:00
cdr.c
way back in July, in r.75706, a fix was made ot the strftime usages, which was good, but in this case, the check for a nil time was accidentally removed, and now it is restored, to keep timevals like '1969-12-31 17:00:00' from showing up in the cdrs. No idea what databases will do with this. No bugs filed as yet, but it felt like a bug.
2008-03-10 14:55:21 +00:00
channel.c
Merged revisions 108135 via svnmerge from
2008-03-12 19:59:05 +00:00
chanvars.c
another bunch of include removals (errno.h and asterisk/logger.h)
2007-11-19 19:09:03 +00:00
cli.c
Whitespace changes only
2008-03-04 23:04:29 +00:00
config.c
An offhand comment from Russell made me realize that the configuration file
2008-03-11 22:55:16 +00:00
cryptostub.c
Whitespace changes only
2008-03-04 23:04:29 +00:00
cygload.c
Doxygen updates, formatting.
2007-12-11 22:20:22 +00:00
db.c
Several manager changes:
2008-01-10 00:12:35 +00:00
devicestate.c
Merged revisions 96644 via svnmerge from
2008-01-05 02:12:10 +00:00
dial.c
Merged revisions 106235 via svnmerge from
2008-03-05 22:43:22 +00:00
dlfcn.c
Whitespace changes only
2008-03-04 23:04:29 +00:00
dns.c
Whitespace changes only
2008-03-04 23:04:29 +00:00
dnsmgr.c
Merged revisions 100465 via svnmerge from
2008-01-27 22:35:29 +00:00
dsp.c
Fix code up to what it was meant to be.
2008-03-05 16:39:22 +00:00
ecdisa.h
enum.c
Whitespace changes only
2008-03-04 23:04:29 +00:00
event.c
Fix a small logic error in ast_event_iterator_next. The previous logic allowed for the iterator
2008-02-13 00:55:09 +00:00
features.c
Merged revisions 107646 via svnmerge from
2008-03-11 19:23:28 +00:00
file.c
Merge changes from team/russell/g722-sillyness ...
2008-03-07 00:24:58 +00:00
fixedjitterbuf.c
Start untangling header inclusion in a way that does not affect
2007-11-16 20:04:58 +00:00
fixedjitterbuf.h
frame.c
Merged revisions 106552 via svnmerge from
2008-03-07 06:54:47 +00:00
fskmodem.c
Whitespace changes only
2008-03-04 23:04:29 +00:00
global_datastores.c
Asterisk, when parking can drop rights a caller when a parking timeout occurs. Also, when doing built-in attended transfers, sometimes incorrectly passes rights from the transferrer to the transferee. This patch tries to fixes the parking issue and lays some groundwork for later fixing the transfer issue.
2008-03-01 01:30:37 +00:00
hashtab.c
Make it so you don't have to cast away const in a couple places
2008-03-04 04:47:32 +00:00
http.c
Make the default prefix empty, like it was in Asterisk 1.4.
2008-03-12 22:49:26 +00:00
image.c
Whitespace changes only
2008-03-04 23:04:29 +00:00
indications.c
Just some minor coding style cleanup...
2008-02-11 18:27:47 +00:00
io.c
Merged revisions 94977 via svnmerge from
2007-12-27 20:11:20 +00:00
jitterbuf.c
Whitespace changes only
2008-03-04 23:04:29 +00:00
loader.c
Revert several changes from revision 102525, as the changes were not
2008-03-12 05:46:39 +00:00
logger.c
Whitespace changes only
2008-03-04 23:04:29 +00:00
Makefile
Merged revisions 107408 via svnmerge from
2008-03-11 14:09:49 +00:00
manager.c
Fixing a potential buffer overflow in the manager command ModuleCheck.
2008-03-13 20:59:00 +00:00
md5.c
Start untangling header inclusion in a way that does not affect
2007-11-16 20:04:58 +00:00
netsock.c
Whitespace changes only
2008-03-04 23:04:29 +00:00
pbx.c
(closes issue #6019)
2008-03-10 21:48:20 +00:00
plc.c
Start untangling header inclusion in a way that does not affect
2007-11-16 20:04:58 +00:00
poll.c
Whitespace changes only
2008-03-04 23:04:29 +00:00
privacy.c
remove a bunch of useless #include "options.h"
2007-11-21 23:09:02 +00:00
rtp.c
Merged revisions 106606 via svnmerge from
2008-03-07 15:22:34 +00:00
say.c
Whitespace changes only
2008-03-04 23:04:29 +00:00
sched.c
remove a bunch of useless #include "options.h"
2007-11-21 23:09:02 +00:00
sha1.c
more header removal/normalization
2007-11-21 00:23:49 +00:00
slinfactory.c
Doxygenify slinfactory a bit.
2008-03-12 21:06:50 +00:00
srv.c
Convert ast_verbose to ast_verb.
2007-12-14 14:48:38 +00:00
strcompat.c
Whitespace changes only
2008-03-04 23:04:29 +00:00
tcptls.c
Rename ast_tcptls_server_instance to session_instance, since this pertains to
2008-03-12 22:13:18 +00:00
tdd.c
Whitespace changes only
2008-03-04 23:04:29 +00:00
term.c
Whitespace changes only
2008-03-04 23:04:29 +00:00
threadstorage.c
Merged revisions 91192 via svnmerge from
2007-12-05 17:49:03 +00:00
translate.c
Merged revisions 105932 via svnmerge from
2008-03-05 01:54:16 +00:00
udptl.c
Merged revisions 107352 via svnmerge from
2008-03-11 11:36:51 +00:00
ulaw.c
another bunch of include removals (errno.h and asterisk/logger.h)
2007-11-19 19:09:03 +00:00
utils.c
Whitespace changes only
2008-03-04 23:04:29 +00:00