Fix remotely exploitable stack overflow in HTTP manager
authorMatthew Jordan <mjordan@digium.com>
Thu, 15 Mar 2012 19:11:03 +0000 (19:11 +0000)
committerMatthew Jordan <mjordan@digium.com>
Thu, 15 Mar 2012 19:11:03 +0000 (19:11 +0000)
commitcca1f9f48a2a0a40ba8b39e169bd82bf0411a23e
tree5f944386c1a40b4a1cd34bf23ee6e2697ee81f0d
parentc65b41f57af918f7c6f5bb18c23347d7727a7fbc
Fix remotely exploitable stack overflow in HTTP manager

There exists a remotely exploitable stack buffer overflow in HTTP digest
authentication handling in Asterisk.  The particular method in question
is only utilized by HTTP AMI.  When parsing the digest information, the
length of the string is not checked when it is copied into temporary buffers
allocated on the stack.

This patch fixes this behavior by parsing out pre-defined key/value pairs
and avoiding unnecessary copies to the stack.

(closes issue ASTERISK-19542)
Reported by: Russell Bryant
Tested by: Matt Jordan
........

Merged revisions 359706 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 359707 from http://svn.asterisk.org/svn/asterisk/branches/10

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@359708 65c4cc65-6c06-0410-ace0-fbb531ad65f3
main/utils.c