kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2026-05-19 05:30:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
ec144089eaffe07e07521ccdf27109e7e431ab40
asterisk/res
History
Matthew Jordan 4b5a0e1932 AST-2013-001: Prevent buffer overflow through H.264 format negotiation 
The format attribute resource for H.264 video performs an unsafe read against a
media attribute when parsing the SDP. The value passed in with the format
attribute is not checked for its length when parsed into a fixed length buffer.
This patch resolves the vulnerability by only reading as many characters from
the SDP value as will fit into the buffer.

(closes issue ASTERISK-20901)
Reported by: Ulf Harnhammar
patches:
  h264_overflow_security_patch.diff uploaded by jrose (License 6182)
........

Merged revisions 383973 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@383975 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2013-03-27 14:28:36 +00:00
..
ael
Clean up and ensure proper usage of alloca()
2012-07-31 20:21:43 +00:00
snmp
Add The Status Of A Module To The Output Of "CLI> module show"
2013-02-19 17:17:10 +00:00
Makefile
Switch to using external pjproject libraries.
2013-03-12 19:08:59 +00:00
res_adsi.c
Multiple revisions 369323-369324
2012-06-25 15:55:25 +00:00
res_ael_share.c
Merged revisions 328247 via svnmerge from
2011-07-14 20:28:54 +00:00
res_ael_share.exports.in
res_agi.c
Fix FastAGI To Properly Check For A Connection
2013-02-22 19:40:02 +00:00
res_agi.exports.in
res_calendar_caldav.c
Fix a variety of memory leaks
2012-05-18 14:43:44 +00:00
res_calendar_ews.c
Properly extract the Body information of an EWS calendar item
2012-10-31 14:58:44 +00:00
res_calendar_exchange.c
Make generate_exchange_uuid() always return the passed ast_str pointer.
2012-12-13 21:20:32 +00:00
res_calendar_icalendar.c
Fix memory leak in res_calendar_icalendar
2013-01-30 14:19:29 +00:00
res_calendar.c
Prevent exhaustion of system resources through exploitation of event cache
2013-01-02 18:11:59 +00:00
res_calendar.exports.in
res_clialiases.c
The UUID commit removed changes made in res_clialiases.c
2012-12-13 15:37:45 +00:00
res_clioriginate.c
Allow support for early media on AMI originates and call files.
2012-08-08 22:39:40 +00:00
res_config_curl.c
Properly delimit post data in res_config_curl.
2013-03-25 12:38:15 +00:00
res_config_ldap.c
Update Doxygen
2013-03-12 22:43:15 +00:00
res_config_odbc.c
Fix coverity UNUSED_VALUE findings in core support level files
2012-06-11 15:23:30 +00:00
res_config_pgsql.c
Doxygen Updates - Title update
2012-10-14 21:44:27 +00:00
res_config_sqlite3.c
Doxygen Updates - Title update
2012-10-14 21:44:27 +00:00
res_config_sqlite.c
Doxygen Updates - Title update
2012-10-14 21:44:27 +00:00
res_convert.c
Merged revisions 328247 via svnmerge from
2011-07-14 20:28:54 +00:00
res_corosync.c
Add a "corosync ping" CLI command.
2012-07-30 00:14:18 +00:00
res_crypto.c
Doxygen Updates - janitor work
2012-09-21 17:14:59 +00:00
res_crypto.exports.in
Remove built-in AES code and use optional_api instead
2010-07-21 19:11:32 +00:00
res_curl.c
Doxygen Updates - Title update
2012-10-14 21:44:27 +00:00
res_fax_spandsp.c
res_fax_spandsp: fix t38 transmission bug caused by not returning success
2013-01-22 22:19:02 +00:00
res_fax.c
Ensure ReceiveFax provides a CED tone via T.38
2012-12-10 16:56:37 +00:00
res_fax.exports.in
res_format_attr_celt.c
Add support for parsing SDP attributes, generating SDP attributes, and passing it through.
2012-07-13 16:49:40 +00:00
res_format_attr_h263.c
Reduce memory consumption and add the H.264 and H.263 modules I shamefully neglected to add.
2012-07-13 18:41:07 +00:00
res_format_attr_h264.c
AST-2013-001: Prevent buffer overflow through H.264 format negotiation
2013-03-27 14:28:36 +00:00
res_format_attr_silk.c
Add support for parsing SDP attributes, generating SDP attributes, and passing it through.
2012-07-13 16:49:40 +00:00
res_http_post.c
Avoid cppcheck warnings; removing unused vars and a bit of cleanup.
2012-04-17 18:57:40 +00:00
res_http_websocket.c
Added missing newlines to websocket ast_logs.
2012-11-20 22:06:05 +00:00
res_http_websocket.exports.in
Fix an issue with res_http_websocket where the chan_sip WebSocket handler could not be registered.
2012-10-31 18:01:09 +00:00
res_jabber.c
Make sure things compile...
2013-03-16 16:00:40 +00:00
res_jabber.exports.in
Fix chan_jingle/gtalk load regression introduced in r346087
2011-12-05 14:47:11 +00:00
res_limit.c
Doxygen Updates - Title update
2012-10-14 21:44:27 +00:00
res_monitor.c
Resolve FORWARD_NULL static analysis warnings
2012-05-10 20:56:09 +00:00
res_monitor.exports.in
res_musiconhold.c
Refactor ast_timer_ack to return an error and handle the error in timer users
2012-11-05 23:10:14 +00:00
res_mutestream.c
Convert MuteAudio documentation to XML.
2012-03-19 20:26:51 +00:00
res_odbc.c
Doxygen Updates - Title update
2012-10-14 21:44:27 +00:00
res_odbc.exports.in
res_phoneprov.c
Doxygen Updates - Title update
2012-10-14 21:44:27 +00:00
res_pktccops.c
Multiple revisions 350788-350789
2012-01-14 15:51:43 +00:00
res_pktccops.exports.in
res_realtime.c
Cleanup references to sipusers and sipfriends dynamic realtime families
2011-11-01 19:53:26 +00:00
res_rtp_asterisk.c
Always set the RTP instance data in the RTP engine
2013-03-13 14:39:54 +00:00
res_rtp_multicast.c
Fix an issue where a caller to ast_write on a MulticastRTP channel would determine it failed when in reality it did not.
2012-09-25 12:12:20 +00:00
res_security_log.c
Merged revisions 328247 via svnmerge from
2011-07-14 20:28:54 +00:00
res_smdi.c
Doxygen Updates - Title update
2012-10-14 21:44:27 +00:00
res_smdi.exports.in
res_snmp.c
Doxygen Updates - Title update
2012-10-14 21:44:27 +00:00
res_sorcery_config.c
Load sorcery modules earlier, so they can actually be used.
2013-03-07 21:14:18 +00:00
res_sorcery_memory.c
Pass the sorcery instance to wizards for CUD operations as well as retrieve.
2013-03-20 14:52:23 +00:00
res_speech.c
Add support for retrieving engine specific settings using the speech API and from dialplan.
2012-10-01 12:29:04 +00:00
res_speech.exports.in
res_srtp.c
res_srtp: Prevent a crash from occurring due to srtp_create failures in srtp_create
2013-01-04 23:14:54 +00:00
res_srtp.exports.in
Add SRTP support for Asterisk
2010-06-08 05:29:08 +00:00
res_stun_monitor.c
Add 'stun show status' command
2012-07-05 21:36:41 +00:00
res_timing_dahdi.c
Refactor ast_timer_ack to return an error and handle the error in timer users
2012-11-05 23:10:14 +00:00
res_timing_kqueue.c
Refactor ast_timer_ack to return an error and handle the error in timer users
2012-11-05 23:10:14 +00:00
res_timing_pthread.c
Refactor ast_timer_ack to return an error and handle the error in timer users
2012-11-05 23:10:14 +00:00
res_timing_timerfd.c
Refactor ast_timer_ack to return an error and handle the error in timer users
2012-11-05 23:10:14 +00:00
res_xmpp.c
Transition MWI to Stasis-core
2013-03-16 15:45:58 +00:00
res_xmpp.exports.in
Add a new unified Jingle, Google Jingle, and Google Talk channel driver written from scratch called chan_motif.
2012-07-07 17:06:51 +00:00