| Summary: | ASTERISK-00261: [patch] Random data on port 2000 will SEGV asterisk | ||
| Reporter: | theo (theo) | Labels: | |
| Date Opened: | 2003-09-12 15:17:24 | Date Closed: | 2004-09-25 02:52:04 |
| Priority: | Critical | Regression? | No |
| Status: | Closed/Complete | Components: | Core/General |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ( 0) chan_skinny_fix-1.diff | |
| Description: | Opening a connection to port 2000 while chan_skinny is enabled (by default now) will cause a SEGV if any random data is sent. ****** STEPS TO REPRODUCE ****** telnet to port 2000 of a installation of asterisk with chan_skinny running, and just send a few random chars. Asterisk will then SEGV. ****** ADDITIONAL INFORMATION ****** Attached is a diff to at least stop any random data, carefully crafted data will probably still kill asterisk :/ There are a number of other bugs like this in chan_skinny, maybe disable it by default until all these sorts of bugs have been fixed, for security reasons? (btw - chan_sccp suffers from a similar problem right now, too :/). | ||
| Comments: | By: jerjer (jerjer) 2003-09-13 18:44:05 Merged into cvs. Thank you. I hadn't gotten around to bullet proofing the socket, as I'm not very skilled at socket programing. Any suggestions on how to protect against that "carefully crafted data"? By: jerjer (jerjer) 2003-09-14 22:09:44 Please contact me directly if you have any further info on this. | ||