Summary: | ASTERISK-25304: res_pjsip: XML sanitization may write past buffer | ||
Reporter: | Joshua C. Colp (jcolp) | Labels: | |
Date Opened: | 2015-08-05 06:02:00 | Date Closed: | 2015-08-07 10:25:11 |
Priority: | Major | Regression? | No |
Status: | Closed/Complete | Components: | Resources/res_pjsip |
Versions: | 13.4.0 | Frequency of Occurrence | |
Related Issues: | |||
Environment: | Attachments: | ||
Description: | The ast_sip_sanitize_xml function currently uses the strncat function incorrectly. The length provided to it may cause it to write past the provided output buffer into other memory. This can cause a crash. The crash may result from the writing or because the PJSIP library expects the value to be NULL terminated when it is not. | ||
Comments: |