Summary: ASTERISK-07607: [patch] security fix for format string issue in app_record
Reporter: Denis Smirnov (mithraen)
Labels:
Date Opened: 2006-08-27 04:37:07
Date Closed: 2006-09-07 18:16:26
Versions:
Frequency of
Environment:
Attachments:
( 0) 20060827__bug7811.diff.txt
( 1) 7811.app_record-1.2.patch
Description: Using snprintf with format from user-passed data was a very, very bad idea.
Comments:
By: Tilghman Lesher (tilghman) 2006-08-27 10:48:28

Your patch does far more than just correct this security hole, and in fact, it reduces functionality.  For example, if maxstr contains 'foo', the current code (correctly) determines that that input is incorrect, but your revision does not.

Please correct and resubmit.

By: Tilghman Lesher (tilghman) 2006-08-27 10:49:15

Also, this issue also exists in 1.2, so please submit a patch for that version.

By: Tilghman Lesher (tilghman) 2006-08-27 11:14:41

This patch is more along the lines of what is necessary.

By: Denis Smirnov (mithraen) 2006-08-27 11:52:11

Looks very nice! And much simpler than my code.

But I think it needs some comments, because it's not so simple to read without a clear understanding of how AST_NONSTANDARD_APP_ARGS works.

I created my patch without the sscanf->atoi change for 1.2 and svn head. Need I upload it?

By: Tilghman Lesher (tilghman) 2006-09-07 18:16:26

Committed, revisions 42355 (1.2) and 42356 (trunk).
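
The class of fix discussed in this thread, as an added example that is not the committed Asterisk patch or any code from this issue: the user-supplied filename is treated as data, and only a `%d` counter placeholder is substituted, so no other conversion in it is ever interpreted by snprintf. The helper name `expand_count`, its signature and the sample templates are hypothetical, and the example assumes `%d` in the filename stands for a recording counter.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Asterisk code): expand each "%d" in a
 * caller-supplied template with count; every other byte, including any
 * other '%' sequence, is copied verbatim and never interpreted.
 * Returns 0 on success, -1 if dst is too small or arguments are invalid. */
int expand_count(char *dst, size_t dstlen, const char *tmpl, int count)
{
    size_t used = 0;

    if (!dst || !tmpl || dstlen == 0)
        return -1;

    while (*tmpl) {
        if (tmpl[0] == '%' && tmpl[1] == 'd') {
            /* The format string is a constant; the template is only data. */
            int n = snprintf(dst + used, dstlen - used, "%d", count);
            if (n < 0 || (size_t)n >= dstlen - used) {
                dst[0] = '\0';
                return -1;
            }
            used += (size_t)n;
            tmpl += 2;
        } else {
            if (used + 1 >= dstlen) {
                dst[0] = '\0';
                return -1;
            }
            dst[used++] = *tmpl++;
        }
    }
    dst[used] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample templates; the third would be unsafe as a format. */
    const char *samples[] = { "rec-%d", "msg%d-%d", "rec-%s%n%d", "100%" };
    char out[64];
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        if (expand_count(out, sizeof(out), samples[i], 7) == 0)
            printf("%-12s -> %s\n", samples[i], out);
    }
    return 0;
}
```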