kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2026-06-14 19:57:03 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
286cf80becb9b069a76c4c3b7bcfac2efaaa4edd
asterisk/res
History
Sean Bright 33ca3664ca AST-2018-009: Fix crash processing websocket HTTP Upgrade requests 
The HTTP request processing in res_http_websocket allocates additional
space on the stack for various headers received during an Upgrade request.
An attacker could send a specially crafted request that causes this code
to overflow the stack, resulting in a crash.

* No longer allocate memory from the stack in a loop to parse the header
values.  NOTE: There is a slight API change when using the passed in
strings as is.  We now require the passed in strings to no longer have
leading or trailing whitespace.  This isn't a problem as the only callers
have already done this before passing the strings to the affected
function.

ASTERISK-28013 #close

Change-Id: Ia564825a8a95e085fd17e658cb777fe1afa8091a
2018-09-20 10:47:44 -05:00
..
ael
Remove as much trailing whitespace as possible.
2017-12-22 09:14:07 -05:00
ari
Remove as much trailing whitespace as possible.
2017-12-22 09:14:07 -05:00
parking
Fix Common Typo's.
2017-12-20 12:54:13 -05:00
res_pjsip
pjproject: Upgrade to 2.8.
2018-09-18 09:31:06 +00:00
snmp
Remove as much trailing whitespace as possible.
2017-12-22 09:14:07 -05:00
srtp
res_srtp: Add support for libsrtp2.x on openSUSE.
2018-03-12 10:22:43 +01:00
stasis
VECTOR: Passing parameters with side effects to macros is dangerous.
2018-06-21 16:57:47 -05:00
stasis_recording
res_stasis_recording: Allow symbolic links in configured recordings dir.
2018-01-12 19:05:12 -06:00
ari.make
Makefile
Fix GCC 8 build issues.
2018-05-11 09:58:19 -04:00
res_adsi.c
res_ael_share.c
Remove as much trailing whitespace as possible.
2017-12-22 09:14:07 -05:00
res_ael_share.exports.in
res_agi.c
utils: Add convenience function for setting fd flags
2017-12-08 14:27:50 -05:00
res_agi.exports.in
res_ari_applications.c
optional_api: Remove unused nonoptreq fields
2018-09-12 19:15:33 +02:00
res_ari_asterisk.c
optional_api: Remove unused nonoptreq fields
2018-09-12 19:15:33 +02:00
res_ari_bridges.c
optional_api: Remove unused nonoptreq fields
2018-09-12 19:15:33 +02:00
res_ari_channels.c
optional_api: Remove unused nonoptreq fields
2018-09-12 19:15:33 +02:00
res_ari_device_states.c
optional_api: Remove unused nonoptreq fields
2018-09-12 19:15:33 +02:00
res_ari_endpoints.c
optional_api: Remove unused nonoptreq fields
2018-09-12 19:15:33 +02:00
res_ari_events.c
optional_api: Remove unused nonoptreq fields
2018-09-12 19:15:33 +02:00
res_ari_mailboxes.c
optional_api: Remove unused nonoptreq fields
2018-09-12 19:15:33 +02:00
res_ari_model.c
modules: change module LOAD_FAILUREs to LOAD_DECLINES
2017-04-12 16:46:22 -05:00
res_ari_model.exports.in
res_ari_playbacks.c
optional_api: Remove unused nonoptreq fields
2018-09-12 19:15:33 +02:00
res_ari_recordings.c
optional_api: Remove unused nonoptreq fields
2018-09-12 19:15:33 +02:00
res_ari_sounds.c
optional_api: Remove unused nonoptreq fields
2018-09-12 19:15:33 +02:00
res_ari.c
optional_api: Remove unused nonoptreq fields
2018-09-12 19:15:33 +02:00
res_ari.exports.in
res_calendar_caldav.c
res_calendar: Specialized calendars depend on symbols of general calendar.
2018-02-16 05:59:15 -06:00
res_calendar_ews.c
res_calendar: Specialized calendars depend on symbols of general calendar.
2018-02-16 05:59:15 -06:00
res_calendar_exchange.c
res_calendar: Specialized calendars depend on symbols of general calendar.
2018-02-16 05:59:15 -06:00
res_calendar_icalendar.c
res_calendar: Specialized calendars depend on symbols of general calendar.
2018-02-16 05:59:15 -06:00
res_calendar.c
Remove as much trailing whitespace as possible.
2017-12-22 09:14:07 -05:00
res_calendar.exports.in
res_chan_stats.c
optional_api: Remove unused nonoptreq fields
2018-09-12 19:15:33 +02:00
res_clialiases.c
Remove as much trailing whitespace as possible.
2017-12-22 09:14:07 -05:00
res_clioriginate.c
manager: Restore Originate failure behavior from Asterisk 11
2017-02-10 18:01:54 -05:00
res_config_curl.c
Remove as much trailing whitespace as possible.
2017-12-22 09:14:07 -05:00
res_config_ldap.c
res_config_ldap.c: Fix mem leak in CLI "realtime show ldap status"
2018-07-17 10:18:55 -05:00
res_config_odbc.c
BuildSystem: Depend not implicitly but explicitly on external libraries.
2018-03-06 07:34:04 -06:00
res_config_pgsql.c
Replace direct checks of option_debug with DEBUG_ATLEAST macro.
2018-03-07 17:02:49 -05:00
res_config_sqlite3.c
Remove as much trailing whitespace as possible.
2017-12-22 09:14:07 -05:00
res_config_sqlite.c
Remove as much trailing whitespace as possible.
2017-12-22 09:14:07 -05:00
res_convert.c
Remove as much trailing whitespace as possible.
2017-12-22 09:14:07 -05:00
res_corosync.c
Remove as much trailing whitespace as possible.
2017-12-22 09:14:07 -05:00
res_crypto.c
res_crypto: Allow OpenSSL configured with no-deprecated.
2018-06-08 11:06:44 +02:00
res_crypto.exports.in
res_curl.c
General: Silence modules on (un)load.
2018-01-06 20:08:16 -06:00
res_endpoint_stats.c
optional_api: Remove unused nonoptreq fields
2018-09-12 19:15:33 +02:00
res_fax_spandsp.c
Remove as much trailing whitespace as possible.
2017-12-22 09:14:07 -05:00
res_fax.c
res_fax: Handle fax gateway being started more than once.
2018-08-29 07:18:08 -03:00
res_fax.exports.in
res_format_attr_celt.c
res_format_attr_g729.c
res_format_attr_g729: Add annexb=no format parameter to SDPs
2016-08-18 17:15:04 -05:00
res_format_attr_h263.c
Loader: Remove unneeded load_pri declarations.
2017-11-20 14:10:09 -05:00
res_format_attr_h264.c
Loader: Remove unneeded load_pri declarations.
2017-11-20 14:10:09 -05:00
res_format_attr_opus.c
Fix Common Typo's.
2017-12-20 12:54:13 -05:00
res_format_attr_silk.c
Remove as much trailing whitespace as possible.
2017-12-22 09:14:07 -05:00
res_format_attr_siren7.c
siren: Add format attribute modules for Siren7 and Siren14.
2016-06-23 10:03:01 -03:00
res_format_attr_siren14.c
siren: Add format attribute modules for Siren7 and Siren14.
2016-06-23 10:03:01 -03:00
res_format_attr_vp8.c
res_hep_pjsip.c
Loader: Remove unneeded load_pri declarations.
2017-11-20 14:10:09 -05:00
res_hep_rtcp.c
Loader: Remove unneeded load_pri declarations.
2017-11-20 14:10:09 -05:00
res_hep.c
res_hep: Adds hostname resolution support for capture_address
2018-05-09 14:14:08 -06:00
res_hep.exports.in
res_http_post.c
res_http_post: Enable GMime in Solaris 11.
2018-06-21 10:18:55 -06:00
res_http_websocket.c
AST-2018-009: Fix crash processing websocket HTTP Upgrade requests
2018-09-20 10:47:44 -05:00
res_http_websocket.exports.in
res_limit.c
Remove as much trailing whitespace as possible.
2017-12-22 09:14:07 -05:00
res_manager_devicestate.c
res_manager_presencestate.c
res_monitor.c
Remove as much trailing whitespace as possible.
2017-12-22 09:14:07 -05:00
res_monitor.exports.in
res_musiconhold.c
res_musiconhold.c: Restart MOH if previous hold just reached end-of-file
2018-09-06 19:39:05 -05:00
res_mutestream.c
res_mwi_external_ami.c
Remove as much trailing whitespace as possible.
2017-12-22 09:14:07 -05:00
res_mwi_external.c
res_mwi_external.exports.in
res_odbc_transaction.c
Remove as much trailing whitespace as possible.
2017-12-22 09:14:07 -05:00
res_odbc_transaction.exports.in
res_odbc.c
BuildSystem: Remove unused dependency on libltdl.
2018-03-17 04:02:17 -06:00
res_odbc.exports.in
res_parking.c
aco: Minimize use of regex.
2017-12-15 10:20:51 -05:00
res_phoneprov.c
Remove as much trailing whitespace as possible.
2017-12-22 09:14:07 -05:00
res_phoneprov.exports.in
res_pjproject.c
res_pjproject: Fix sockaddr conversion routines for non-bundled PJSIP
2018-09-12 08:21:48 -04:00
res_pjproject.exports.in
res_pjproject: Add utility functions to convert between socket structures
2018-09-06 14:19:06 -04:00
res_pjsip_acl.c
res_pjsip_authenticator_digest.c
res_pjsip_authenticator_digest.c: Fix sorcery's immutable contract violation.
2017-02-20 22:20:54 -06:00
res_pjsip_caller_id.c
res_pjsip_caller_id: Add "party" parameter to RPID header.
2018-08-14 10:55:37 -03:00
res_pjsip_config_wizard.c
res_pjsip_config_wizard: Fix leaks and add check for malloc failure.
2017-11-06 18:46:54 -05:00
res_pjsip_dialog_info_body_generator.c
res_pjsip: New endpoint option "notify_early_inuse_ringing"
2017-06-16 12:08:27 -04:00
res_pjsip_diversion.c
res_pjsip: Fix known compact header issues
2016-12-31 18:56:09 -07:00
res_pjsip_dlg_options.c
res_pjsip: Assign support levels to a few modules
2017-12-12 11:07:01 -06:00
res_pjsip_dtmf_info.c
res_pjsip_empty_info.c
res_pjsip_endpoint_identifier_anonymous.c
endpoint identifiers: Some code cleanup.
2018-02-02 17:57:06 -06:00
res_pjsip_endpoint_identifier_ip.c
res_pjsip_endpoint_identifier_ip.c: Added regex support to match_header
2018-07-27 10:58:06 -05:00
res_pjsip_endpoint_identifier_user.c
endpoint identifiers: Some code cleanup.
2018-02-02 17:57:06 -06:00
res_pjsip_exten_state.c
res_pjsip_pubsub: Correctly implement persisted subscriptions
2017-02-15 12:11:18 -07:00
res_pjsip_exten_state.exports.in
res_pjsip_header_funcs.c
res_pjsip.c: Split ast_sip_push_task_synchronous() to fit expectations.
2018-04-12 17:15:10 -05:00
res_pjsip_history.c
VECTOR: Passing parameters with side effects to macros is dangerous.
2018-06-21 16:57:47 -05:00
res_pjsip_logger.c
res_pjsip: Log IPv6 addresses correctly
2018-09-14 15:58:59 -04:00
res_pjsip_messaging.c
res_pjsip: Change log message from error to warning for valid use cases
2018-07-24 07:19:28 -05:00
res_pjsip_mwi_body_generator.c
res_pjsip_mwi.c
res_pjsip_mwi.c: Fix null pointer crash
2018-02-01 15:32:31 -06:00
res_pjsip_nat.c
res/res_pjsip: Standardize/fix localnet checks across pjsip.
2017-09-05 16:16:01 +02:00
res_pjsip_notify.c
res_pjsip_notify.c: enable in-dialog NOTIFY
2018-04-11 10:36:52 -06:00
res_pjsip_one_touch_record_info.c
modules: change module LOAD_FAILUREs to LOAD_DECLINES
2017-04-12 16:46:22 -05:00
res_pjsip_outbound_authenticator_digest.c
res_pjsip: Log IPv6 addresses correctly
2018-09-14 15:58:59 -04:00
res_pjsip_outbound_publish.c
res_pjsip.c: Split ast_sip_push_task_synchronous() to fit expectations.
2018-04-12 17:15:10 -05:00
res_pjsip_outbound_publish.exports.in
res_pjsip_outbound_registration.c
Merge "res_pjsip: Fix deadlock on reliable transport shutdown." into 13
2018-04-18 17:20:19 -05:00
res_pjsip_path.c
res_pjsip: Add ignore_uri_user_options option.
2016-09-09 17:09:54 -05:00
res_pjsip_phoneprov_provider.c
res_pjsip: Assign support levels to a few modules
2017-12-12 11:07:01 -06:00
res_pjsip_pidf_body_generator.c
res_pjsip_pidf_eyebeam_body_supplement: Correct status presentation
2017-08-01 15:44:30 -06:00
res_pjsip_pidf_digium_body_supplement.c
res_pjsip_pidf_eyebeam_body_supplement.c
res_pjsip_pidf_eyebeam_body_supplement: Correct status presentation
2017-08-01 15:44:30 -06:00
res_pjsip_publish_asterisk.c
res_pjsip: Assign support levels to a few modules
2017-12-12 11:07:01 -06:00
res_pjsip_pubsub.c
res_pjsip_pubsub: Use ast_true for "prune_on_boot".
2018-07-28 13:00:40 +00:00
res_pjsip_pubsub.exports.in
res_pjsip_refer.c
res_pjsip.c: Split ast_sip_push_task_synchronous() to fit expectations.
2018-04-12 17:15:10 -05:00
res_pjsip_registrar_expire.c
modules: Set deprecated modules to not build by default
2018-02-22 11:48:00 -05:00
res_pjsip_registrar.c
res_pjsip_registrar: Improve performance on inbound handling.
2018-08-03 06:09:33 -03:00
res_pjsip_rfc3326.c
res_pjsip: Add 'suppress_q850_reason_headers' option to endpoint
2018-07-06 06:57:37 -06:00
res_pjsip_sdp_rtp.c
res/res_pjsip_sdp_rtp: put rtcp-mux in answer only if offered
2018-08-09 09:34:17 +02:00
res_pjsip_send_to_voicemail.c
modules: change module LOAD_FAILUREs to LOAD_DECLINES
2017-04-12 16:46:22 -05:00
res_pjsip_session.c
res_pjsip: Log IPv6 addresses correctly
2018-09-14 15:58:59 -04:00
res_pjsip_session.exports.in
res/res_pjsip_session: allow SDP answer to be regenerated
2017-08-22 12:22:56 +00:00
res_pjsip_sips_contact.c
res_pjsip_t38.c
Merge "res_pjsip_t38.c: Be smarter about how we respond when T.38 is disabled." into 13
2018-07-10 06:54:51 -05:00
res_pjsip_transport_websocket.c
res_pjsip: Log IPv6 addresses correctly
2018-09-14 15:58:59 -04:00
res_pjsip_xpidf_body_generator.c
res_pjsip: New endpoint option "notify_early_inuse_ringing"
2017-06-16 12:08:27 -04:00
res_pjsip.c
res_pjsip: Log IPv6 addresses correctly
2018-09-14 15:58:59 -04:00
res_pjsip.exports.in
res_pktccops.c
Remove as much trailing whitespace as possible.
2017-12-22 09:14:07 -05:00
res_pktccops.exports.in
res_realtime.c
Remove as much trailing whitespace as possible.
2017-12-22 09:14:07 -05:00
res_rtp_asterisk.c
res/res_rtp_asterisk: remove debug traces generated by an empty frame
2018-08-21 18:24:48 -05:00
res_rtp_multicast.c
Remove as much trailing whitespace as possible.
2017-12-22 09:14:07 -05:00
res_rtp_multicast.exports.in
chan_rtp: Backport changes from master.
2016-06-10 17:24:00 -05:00
res_security_log.c
res_smdi.c
Remove as much trailing whitespace as possible.
2017-12-22 09:14:07 -05:00
res_smdi.exports.in
res_snmp.c
Remove as much trailing whitespace as possible.
2017-12-22 09:14:07 -05:00
res_sorcery_astdb.c
astdb: Improve prefix searches in astdb
2017-12-10 12:41:51 -06:00
res_sorcery_config.c
res_sorcery_config: Allow configuration section to be used based on name.
2018-07-18 17:42:37 +00:00
res_sorcery_memory_cache.c
sorcery: Add ast_sorcery_retrieve_by_prefix()
2017-11-13 15:08:50 -05:00
res_sorcery_memory.c
sorcery: Add ast_sorcery_retrieve_by_prefix()
2017-11-13 15:08:50 -05:00
res_sorcery_realtime.c
res_sorcery_realtime.c: Fix unqualified fetch warning.
2018-08-17 16:33:00 -05:00
res_speech.c
res_stasis and res_speech: Fix load order.
2017-12-07 20:41:58 -05:00
res_speech.exports.in
res_srtp.c
autoconf: Check for srtp_get_version_string() before using it
2018-09-17 11:42:07 -04:00
res_srtp.exports.in
res_stasis_answer.c
optional_api: Remove unused nonoptreq fields
2018-09-12 19:15:33 +02:00
res_stasis_answer.exports.in
res_stasis_device_state.c
optional_api: Remove unused nonoptreq fields
2018-09-12 19:15:33 +02:00
res_stasis_device_state.exports.in
res_stasis_mailbox.c
optional_api: Remove unused nonoptreq fields
2018-09-12 19:15:33 +02:00
res_stasis_mailbox.exports.in
res_stasis_playback.c
optional_api: Remove unused nonoptreq fields
2018-09-12 19:15:33 +02:00
res_stasis_playback.exports.in
res_stasis_recording.c
optional_api: Remove unused nonoptreq fields
2018-09-12 19:15:33 +02:00
res_stasis_recording.exports.in
res_stasis_snoop.c
optional_api: Remove unused nonoptreq fields
2018-09-12 19:15:33 +02:00
res_stasis_snoop.exports.in
res_stasis_test.c
optional_api: Remove unused nonoptreq fields
2018-09-12 19:15:33 +02:00
res_stasis_test.exports.in
res_stasis.c
res_stasis: Reduce RAII_VAR usage.
2018-01-08 17:51:28 -06:00
res_stasis.exports.in
res_statsd.c
aco: Minimize use of regex.
2017-12-15 10:20:51 -05:00
res_statsd.exports.in
res_stun_monitor.c
res_stun_monitor: Don't fail to load if DNS resolution fails
2017-04-14 17:50:56 -04:00
res_timing_dahdi.c
Remove as much trailing whitespace as possible.
2017-12-22 09:14:07 -05:00
res_timing_kqueue.c
res_timing_pthread.c
Remove as much trailing whitespace as possible.
2017-12-22 09:14:07 -05:00
res_timing_timerfd.c
res_xmpp.c
aco: Minimize use of regex.
2017-12-15 10:20:51 -05:00
res_xmpp.exports.in
res.xml
Create --disable-binary-modules option.
2018-08-27 13:51:29 -05:00