kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2026-05-25 08:20:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
2fa1ff6e756ce0062f506d5ccb4e872d22b9e8fd
asterisk/main
History
Richard Mudgett 7c854d65af AST-2014-001: Stack overflow in HTTP processing of Cookie headers. 
Sending a HTTP request that is handled by Asterisk with a large number of
Cookie headers could overflow the stack.

Another vulnerability along similar lines is any HTTP request with a
ridiculous number of headers in the request could exhaust system memory.

(closes issue ASTERISK-23340)
Reported by: Lucas Molas, researcher at Programa STIC, Fundacion; and Dr. Manuel Sadosky, Buenos Aires, Argentina
........

Merged revisions 410380 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 410381 from http://svn.asterisk.org/svn/asterisk/branches/11
........

Merged revisions 410383 from http://svn.asterisk.org/svn/asterisk/branches/12


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@410395 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-03-10 17:21:01 +00:00
..
editline
memory leaks: Memory leak cleanup patch by Corey Farrell (first set)
2013-10-23 20:10:30 +00:00
stdtime
Fix some uninitialized buffers for CDR handling valgrind found.
2013-08-28 23:15:43 +00:00
abstract_jb.c
Fix jitter buffer log file creation
2013-09-18 20:04:14 +00:00
acl.c
pjsip configuration: Make transport TOS values consistent with endpoints
2014-03-06 19:04:58 +00:00
adsi.c
Fix crash in unloading of res_adsi module
2012-06-26 13:23:12 +00:00
alaw.c
aoc.c
Fix documentation replication issues
2013-08-01 17:07:52 +00:00
app.c
stasis cache: Enhance to keep track of an item from different entities.
2014-03-07 20:41:13 +00:00
ast_expr2.c
Allow the REALTIME() function to report errors back to the caller.
2012-07-11 17:16:50 +00:00
ast_expr2.fl
ast_expr2.h
Allow the REALTIME() function to report errors back to the caller.
2012-07-11 17:16:50 +00:00
ast_expr2.y
ast_expr2f.c
Doxygen Updates - janitor work
2012-09-21 17:14:59 +00:00
asterisk.c
doxygen: Tweak the link back to ye olde Digium website
2014-03-03 02:08:58 +00:00
asterisk.dynamics
asterisk.exports.in
Add _IO_stdin_used in version-script to fix SIGBUSes on Sparc.
2013-08-22 08:26:55 +00:00
astfd.c
Unregister CLI commands on exit
2013-08-20 15:36:10 +00:00
astmm.c
MALLOC_DEBUG: Change fence magic number to be completely different from the freed magic number.
2013-09-09 23:29:44 +00:00
astobj2.c
AO2: Add an assert for bad objects
2014-03-04 16:55:43 +00:00
audiohook.c
ari: Add Snoop operation for spying/whispering on channels.
2013-11-23 12:40:46 +00:00
autochan.c
autoservice.c
Don't leak frames when memory is full in autoservice_run.
2013-08-09 20:29:09 +00:00
backtrace.c
Fix memory corruption when trying to get "core show locks".
2013-08-23 18:07:40 +00:00
bridge_after.c
CDRs: fix a variety of dial status problems, h/hangup handler creating CDRs
2014-01-31 23:40:51 +00:00
bridge_basic.c
uniqueid: channel linkedid, ami, ari object creation with id's
2014-03-07 15:47:55 +00:00
bridge_channel.c
uniqueid: channel linkedid, ami, ari object creation with id's
2014-03-07 15:47:55 +00:00
bridge_roles.c
ARI: bridges/{bridgeID}/addChannel: add roles parameter
2013-08-05 16:59:13 +00:00
bridge.c
uniqueid: channel linkedid, ami, ari object creation with id's
2014-03-07 15:47:55 +00:00
bucket.c
sorcery: Create AST_SORCERY dialplan function.
2014-03-06 22:39:54 +00:00
buildinfo.c
callerid.c
Allow for redirecting reasons to be set to arbitrary strings.
2012-09-25 19:29:14 +00:00
ccss.c
uniqueid: channel linkedid, ami, ari object creation with id's
2014-03-07 15:47:55 +00:00
cdr.c
cdrs: Check for applications to lock onto during dial begin handling
2014-02-03 01:31:53 +00:00
cel.c
uniqueid: channel linkedid, ami, ari object creation with id's
2014-03-07 15:47:55 +00:00
channel_internal_api.c
uniqueid: channel linkedid, ami, ari object creation with id's
2014-03-07 15:47:55 +00:00
channel.c
uniqueid: channel linkedid, ami, ari object creation with id's
2014-03-07 15:47:55 +00:00
chanvars.c
ast_free() is null tollerant.
2013-08-28 16:09:12 +00:00
cli.c
verbosity: Fix performance of console verbose messages.
2014-01-14 18:14:02 +00:00
config_options.c
config_options: Display the see-also information for CLI config option help
2014-03-07 21:54:01 +00:00
config.c
sorcery: Create AST_SORCERY dialplan function.
2014-03-06 22:39:54 +00:00
core_local.c
uniqueid: channel linkedid, ami, ari object creation with id's
2014-03-07 15:47:55 +00:00
core_unreal.c
uniqueid: channel linkedid, ami, ari object creation with id's
2014-03-07 15:47:55 +00:00
crypt.c
Fix utils directory breakage.
2013-07-04 13:06:15 +00:00
cygload.c
data.c
memory leaks: Memory leak cleanup patch by Corey Farrell (second set)
2013-10-24 17:00:27 +00:00
datastore.c
This is no longer needed.
2013-06-29 00:18:57 +00:00
db.c
astdb: crash in sqlite3 during shutdown
2013-12-19 16:33:09 +00:00
devicestate.c
stasis cache: Enhance to keep track of an item from different entities.
2014-03-07 20:41:13 +00:00
dial.c
uniqueid: channel linkedid, ami, ari object creation with id's
2014-03-07 15:47:55 +00:00
dns.c
Remove redundant code in dns.c
2013-07-14 02:05:04 +00:00
dnsmgr.c
Migrate a large number of AMI events over to Stasis-Core
2013-05-24 20:44:07 +00:00
dsp.c
Doxygen Updates - Title update
2012-10-18 14:17:40 +00:00
ecdisa.h
endpoints.c
channel locking: Add locking for channel snapshot creation
2013-12-18 20:33:37 +00:00
enum.c
Migrate a large number of AMI events over to Stasis-Core
2013-05-24 20:44:07 +00:00
event.c
Fix incorrect usages of ast_realloc().
2013-09-10 18:05:47 +00:00
features_config.c
Features: Rearm the parking config options have moved warning for each reload.
2013-10-01 16:44:22 +00:00
features.c
Documentation: doc fixes across various parts of the code for ASTERISK issues 23061,23028,23046,23027
2014-01-17 17:16:14 +00:00
file.c
Protect ast_filestream object when on a channel
2014-01-27 01:25:23 +00:00
fixedjitterbuf.c
fixedjitterbuf.h
format_cap.c
Cache string values of formats on ast_format_cap() to save processing.
2013-10-03 14:58:16 +00:00
format_pref.c
pjsip: fix support for allow=all
2014-01-17 21:33:26 +00:00
format.c
format.c: correct possible null pointer dereference
2014-02-14 21:29:31 +00:00
frame.c
pjsip: fix support for allow=all
2014-01-17 21:33:26 +00:00
framehook.c
framehooks: Re-iterate if framehook provides different frame.
2013-12-17 18:26:09 +00:00
fskmodem_float.c
fskmodem_int.c
fskmodem.c
global_datastores.c
hashtab.c
Fix utilities compilation/linking.
2013-08-16 16:26:11 +00:00
heap.c
Fix incorrect usages of ast_realloc().
2013-09-10 18:05:47 +00:00
http.c
AST-2014-001: Stack overflow in HTTP processing of Cookie headers.
2014-03-10 17:21:01 +00:00
image.c
Reset automerge property.
2012-12-11 22:25:21 +00:00
indications.c
Fix incorrect usages of ast_realloc().
2013-09-10 18:05:47 +00:00
io.c
jitterbuf.c
jitterbuf: Fix memory leak on jitter buffer reset
2013-10-24 19:42:21 +00:00
json.c
json: Fix json API wrapper code for json library versions earlier than 2.3.0.
2014-02-21 17:47:58 +00:00
libasteriskssl.c
Resolve memory leaks in TLS initialization and TLS client connections
2012-09-14 19:53:43 +00:00
libasteriskssl.exports.in
loader.c
core/loader: Don't call dlclose in a while loop
2013-10-31 16:06:14 +00:00
lock.c
Fix DEBUG_THREADS when lock is acquired in __constructor__
2013-09-09 20:13:40 +00:00
logger.c
Logger: Add dynamic logger channels
2014-02-13 15:51:22 +00:00
Makefile
Add the bucket API.
2013-08-23 21:49:47 +00:00
manager_bridges.c
bridging: Give bridges a name and a known creator
2013-12-17 23:25:49 +00:00
manager_channels.c
CDRs: fix a variety of dial status problems, h/hangup handler creating CDRs
2014-01-31 23:40:51 +00:00
manager_endpoints.c
Multiple revisions 399887,400138,400178,400180-400181
2013-09-30 18:55:27 +00:00
manager_mwi.c
Multiple revisions 399887,400138,400178,400180-400181
2013-09-30 18:55:27 +00:00
manager_system.c
Multiple revisions 399887,400138,400178,400180-400181
2013-09-30 18:55:27 +00:00
manager.c
unqiueid: correct max uniqueid length test
2014-03-10 16:33:10 +00:00
md5.c
media_index.c
media_index: Make media indexing tolerable of bad symlinks.
2013-12-03 16:39:13 +00:00
message.c
uniqueid: channel linkedid, ami, ari object creation with id's
2014-03-07 15:47:55 +00:00
mixmonitor.c
Removed quotes from svn:keywords props on a few files.
2013-07-29 17:51:25 +00:00
named_acl.c
Fix various memory leaks
2013-08-30 19:22:59 +00:00
netsock2.c
Add IPv6 Support To chan_iax2
2013-10-04 21:41:58 +00:00
netsock.c
Add IPv6 Support To chan_iax2
2013-10-04 21:41:58 +00:00
optional_api.c
optional_api: Make always use the standard malloc functions even with MALLOC_DEBUG.
2013-09-19 23:20:43 +00:00
parking.c
astobj2: Add warn unused attribute to some functions.
2013-09-06 19:26:48 +00:00
pbx.c
uniqueid: channel linkedid, ami, ari object creation with id's
2014-03-07 15:47:55 +00:00
pickup.c
channel locking: Add locking for channel snapshot creation
2013-12-18 20:33:37 +00:00
plc.c
poll.c
presencestate.c
Strip down the old event system
2013-08-17 14:39:27 +00:00
privacy.c
rtp_engine.c
rtp_engine: Dynamic payload change in rtp mapping not supported
2014-02-21 18:37:24 +00:00
say.c
say.c: correct time for polish
2013-12-20 21:18:00 +00:00
sched.c
scheduler: Remove hashtab usage.
2014-02-11 20:17:42 +00:00
sdp_srtp.c
Merge in current pimp_my_sip work, including:
2013-06-22 14:03:22 +00:00
security_events.c
security_events: Fix assertion failure in dev-mode on optional IE parsing
2014-02-07 20:17:50 +00:00
sem.c
Multiple revisions 399887,400138,400178,400180-400181
2013-09-30 18:55:27 +00:00
sha1.c
Doxygen Updates - janitor work
2012-09-21 17:14:59 +00:00
sip_api.c
Don't make chan_sip export global symbols.
2012-10-11 15:49:02 +00:00
slinfactory.c
Fix a memory copying bug in slinfactory which was causing mixmonitor issues.
2013-05-28 17:47:29 +00:00
sorcery.c
pjsip_cli: Create pjsip show channel and contact, and general cli code cleanup.
2014-03-08 16:50:36 +00:00
sounds_index.c
Whitespace fixes.
2013-12-20 19:06:57 +00:00
srv.c
Removed #if checks for crazy old versions of OS X.
2013-05-08 20:25:28 +00:00
stasis_bridges.c
res_stasis: Enable transfers and provide events when they occur.
2014-02-01 16:26:57 +00:00
stasis_cache_pattern.c
Multiple revisions 399887,400138,400178,400180-400181
2013-09-30 18:55:27 +00:00
stasis_cache.c
stasis cache: Enhance to keep track of an item from different entities.
2014-03-07 20:41:13 +00:00
stasis_channels.c
json: Fix off-nominal json ref counting issues.
2014-02-21 18:04:54 +00:00
stasis_endpoints.c
ARI: correct upper/lower case URI discrepancies
2014-02-14 21:44:57 +00:00
stasis_message_router.c
stasis: Add methods to allow for synchronous publishing to subscriber
2014-01-12 22:07:01 +00:00
stasis_message.c
stasis cache: Enhance to keep track of an item from different entities.
2014-03-07 20:41:13 +00:00
stasis_system.c
Convert CCSS manager events to stasis.
2013-07-19 18:00:35 +00:00
stasis.c
stasis.c: Misc code cleanups.
2014-02-28 23:31:58 +00:00
strcompat.c
Add builtin roundf() for systems lacking it.
2013-01-19 20:54:07 +00:00
strings.c
string container: Remove unnecessary RAII_VAR usage and string object lock.
2014-01-14 21:46:50 +00:00
stun.c
Reset automerge property.
2012-12-11 22:25:21 +00:00
syslog.c
taskprocessor.c
taskprocessor: Made use pthread_equal() to compare thread ids.
2013-10-25 23:58:32 +00:00
tcptls.c
tcptls.c: Made TLS handle a certificate chain file.
2014-02-04 18:16:09 +00:00
tdd.c
Doxygen Updates - janitor work
2012-09-21 17:14:59 +00:00
term.c
Revamp of terminal color codes
2013-02-14 18:47:56 +00:00
test.c
test.c: Fix too sticky unit test failed status.
2013-12-13 20:17:22 +00:00
threadpool.c
Fix threadpool rapid growth problem.
2013-06-20 16:29:35 +00:00
threadstorage.c
Unregister CLI commands on exit
2013-08-20 15:36:10 +00:00
timing.c
timing: Improve performance for most timing implementations.
2014-02-07 20:01:45 +00:00
translate.c
translate: Move freeing of frame to after it is used.
2013-11-22 17:12:29 +00:00
udptl.c
res_rtp_asterisk & udptl: fix port selection to work with SELinux restrictions
2014-01-30 20:36:21 +00:00
ulaw.c
utils.c
Thread Debugging: Add LWP to core show locks output
2014-01-24 22:34:23 +00:00
uuid.c
Add an \extref doxygen pointer for libuuid.
2013-04-26 20:32:11 +00:00
xml.c
Detect and use xsltCleanupGlobals when available
2013-10-03 18:00:15 +00:00
xmldoc.c
func_channel, chan_pjsip: Add CHANNEL read function support for chan_pjsip
2013-12-11 13:06:30 +00:00