AST-2012-005: Fix remotely exploitable heap overflow in keypad button handling
authorMatthew Jordan <mjordan@digium.com>
Mon, 23 Apr 2012 13:53:24 +0000 (13:53 +0000)
committerMatthew Jordan <mjordan@digium.com>
Mon, 23 Apr 2012 13:53:24 +0000 (13:53 +0000)
commitc37c7b4a2c18b13c301b190567dc5619557c5e4a
tree43501fe966094d3680119d62bf5590c6a4f0c565
parenteb0a8df41c1179d038e81a1ef9945e171567fd82
AST-2012-005: Fix remotely exploitable heap overflow in keypad button handling

When handling a keypad button message event, the received digit is placed into
a fixed length buffer that acts as a queue.  When a new message event is
received, the length of that buffer is not checked before placing the new digit
on the end of the queue.  The situation exists where sufficient keypad button
message events would occur that would cause the buffer to be overrun.  This
patch explicitly checks that there is sufficient room in the buffer before
appending a new digit.

(closes issue ASTERISK-19592)
Reported by: Russell Bryant
........

Merged revisions 363100 from http://svn.asterisk.org/svn/asterisk/branches/1.6.2
........

Merged revisions 363102 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 363103 from http://svn.asterisk.org/svn/asterisk/branches/10

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@363105 65c4cc65-6c06-0410-ace0-fbb531ad65f3
channels/chan_skinny.c