AST-2014-001: Stack overflow in HTTP processing of Cookie headers.
authorRichard Mudgett <rmudgett@digium.com>
Mon, 10 Mar 2014 17:21:01 +0000 (17:21 +0000)
committerRichard Mudgett <rmudgett@digium.com>
Mon, 10 Mar 2014 17:21:01 +0000 (17:21 +0000)
commit7c854d65afd3a969bdbd9b3a521cff1fad5809c2
tree228ee704edec9612ce0d36cb255d52ac248209cf
parentef69b5176daa82ba7edc09216fe0594e008098e0
AST-2014-001: Stack overflow in HTTP processing of Cookie headers.

Sending a HTTP request that is handled by Asterisk with a large number of
Cookie headers could overflow the stack.

Another vulnerability along similar lines is any HTTP request with a
ridiculous number of headers in the request could exhaust system memory.

(closes issue ASTERISK-23340)
Reported by: Lucas Molas, researcher at Programa STIC, Fundacion; and Dr. Manuel Sadosky, Buenos Aires, Argentina
........

Merged revisions 410380 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 410381 from http://svn.asterisk.org/svn/asterisk/branches/11
........

Merged revisions 410383 from http://svn.asterisk.org/svn/asterisk/branches/12

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@410395 65c4cc65-6c06-0410-ace0-fbb531ad65f3
main/http.c