AST-2013-001: Prevent buffer overflow through H.264 format negotiation
author Matthew Jordan <mjordan@digium.com>
Wed, 27 Mar 2013 14:28:36 +0000 (14:28 +0000)
committer Matthew Jordan <mjordan@digium.com>
Wed, 27 Mar 2013 14:28:36 +0000 (14:28 +0000)
commit 4b5a0e1932104adb25132d31bf84f1caf621d8bc
tree 48883b894f43da3f722a808b475698f0b8c7caa9
parent 63a4da4eba118b62086b085a52dda856921bb070
AST-2013-001: Prevent buffer overflow through H.264 format negotiation

The format attribute resource for H.264 video performs an unsafe read against a
media attribute when parsing the SDP. The value passed in with the format
attribute is not checked for its length when parsed into a fixed length buffer.
This patch resolves the vulnerability by only reading as many characters from
the SDP value as will fit into the buffer.

(closes issue ASTERISK-20901)
Reported by: Ulf Harnhammar
patches:
  h264_overflow_security_patch.diff uploaded by jrose (License 6182)
........

Merged revisions 383973 from http://svn.asterisk.org/svn/asterisk/branches/11

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@383975 65c4cc65-6c06-0410-ace0-fbb531ad65f3
res/res_format_attr_h264.c
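
An added illustration of the width-bounded read the commit message describes; it is not the code from res_format_attr_h264.c or from the Asterisk project. The `sprop-parameter-sets` attribute layout, `PARAM_MAX`, `struct h264_params` and `parse_sprop` are assumptions of this example, which also goes one step further than truncation by rejecting values that would not fit.

```c
#include <stdio.h>
#include <string.h>

#define PARAM_MAX 15              /* assumed capacity per field, excluding the NUL */
#define STR2(x) #x
#define STR(x) STR2(x)            /* expands PARAM_MAX to the literal "15" */

struct h264_params {              /* hypothetical holder for the parsed values */
    char sps[PARAM_MAX + 1];
    char pps[PARAM_MAX + 1];
};

/*
 * Parse "sprop-parameter-sets=<sps>,<pps>" out of an fmtp value.
 * The unsafe pattern is a conversion such as "%[^,]" or "%s" with no field
 * width: it copies until the delimiter, however long the peer made the value.
 * Here every conversion carries a width one less than its buffer size.
 * Returns 0 on success, -1 if the attribute is malformed or a field is too
 * long for its buffer (rejected instead of silently truncated).
 */
int parse_sprop(const char *attr, struct h264_params *out)
{
    int end = 0;

    memset(out, 0, sizeof(*out));
    /* An oversized sps stops at the width, so the literal ',' fails to match. */
    if (sscanf(attr,
               "sprop-parameter-sets=%" STR(PARAM_MAX) "[^,],%" STR(PARAM_MAX) "[^;]%n",
               out->sps, out->pps, &end) != 2) {
        return -1;
    }
    /* An oversized pps leaves unread input that is not the ';' separator. */
    if (attr[end] != '\0' && attr[end] != ';') {
        return -1;
    }
    return 0;
}

int main(void)
{
    struct h264_params p;
    /* Constructed sample values, not taken from a real capture. */
    const char *ok = "sprop-parameter-sets=Z0IAKQ==,aM48gA==";
    const char *big = "sprop-parameter-sets=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA,BBBB";

    printf("ok  -> %d (%s / %s)\n", parse_sprop(ok, &p), p.sps, p.pps);
    printf("big -> %d\n", parse_sprop(big, &p));
    return 0;
}
```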