git.ipfire.org Git - thirdparty/asterisk.git/commit

author	Matthew Jordan <mjordan@digium.com>
	Wed, 2 Jan 2013 15:23:57 +0000 (15:23 +0000)
committer	Matthew Jordan <mjordan@digium.com>
	Wed, 2 Jan 2013 15:23:57 +0000 (15:23 +0000)
commit	feee19c5c1e199a161e26bf0a41dddd6f03d5bd5
tree	69d85c9f083f24c2f0f5fa04cbe78f3e93923f10	tree \| snapshot
parent	fff4b8c898c8e91ed98af3a57071f35404e6b0ec	commit \| diff

Resolve crashes due to large stack allocations when using TCP

Asterisk had several places where messages received over various network
transports may be copied in a single stack allocation. In the case of TCP,
since multiple packets in a stream may be concatenated together, this can
lead to large allocations that overflow the stack.

This patch modifies those portions of Asterisk using TCP to either
favor heap allocations or use an upper bound to ensure that the stack will not
overflow:
* For SIP, the allocation now has an upper limit
* For HTTP, the allocation is now a heap allocation instead of a stack
   allocation
* For XMPP (in res_jabber), the allocation has been eliminated since it was
   unnecesary.

Note that the HTTP portion of this issue was independently found by Brandon
Edwards of Exodus Intelligence.

(issue ASTERISK-20658)
Reported by: wdoekes, Brandon Edwards
Tested by: mmichelson, wdoekes
patches:
  ASTERISK-20658_res_jabber.c.patch uploaded by mmichelson (license 5049)
  issueA20658_http_postvars_use_malloc2.patch uploaded by wdoekes (license 5674)
  issueA20658_limit_sip_packet_size3.patch uploaded by wdoekes (license 5674)
........

Merged revisions 378269 from http://svn.asterisk.org/svn/asterisk/branches/1.8

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/10@378286 65c4cc65-6c06-0410-ace0-fbb531ad65f3

channels/chan_sip.c		diff \| blob \| blame \| history
channels/sip/include/sip.h		diff \| blob \| blame \| history
main/http.c		diff \| blob \| blame \| history
res/res_jabber.c		diff \| blob \| blame \| history