git.ipfire.org Git - thirdparty/asterisk.git/commit
AST-2012-005: Fix remotely exploitable heap overflow in keypad button handling
author Matthew Jordan <mjordan@digium.com>
Mon, 23 Apr 2012 13:30:50 +0000 (13:30 +0000)
committer Matthew Jordan <mjordan@digium.com>
Mon, 23 Apr 2012 13:30:50 +0000 (13:30 +0000)
commit 5991853759c04f6e5592095ba3cf6b395fc32f9e
tree aee9dbf9db7bac39baca76592cd17a862fbb5ab6
parent 84e00510c4982cf82ec8da25c24015e9bb859878
AST-2012-005: Fix remotely exploitable heap overflow in keypad button handling

When handling a keypad button message event, the received digit is placed into
a fixed length buffer that acts as a queue.  When a new message event is
received, the length of that buffer is not checked before placing the new digit
on the end of the queue.  The situation exists where sufficient keypad button
message events would occur that would cause the buffer to be overrun.  This
patch explicitly checks that there is sufficient room in the buffer before
appending a new digit.

(closes issue ASTERISK-19592)
Reported by: Russell Bryant

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.6.2@363100 65c4cc65-6c06-0410-ace0-fbb531ad65f3
channels/chan_skinny.c
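
The bounds check the commit message describes, as an added example in C that is not the code from this commit. The struct, the function names and the 16-byte capacity are hypothetical, since the page does not show the chan_skinny.c change itself.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names and size; the real chan_skinny.c code is not shown here. */
#define DIGIT_QUEUE_LEN 16            /* assumed capacity, including the NUL */

struct digit_queue {
    char digits[DIGIT_QUEUE_LEN];     /* NUL-terminated queue of received digits */
    unsigned int canary;              /* stands in for whatever follows the buffer */
};

/* Append one digit from a keypad button message.
 * Returns 0 on success, -1 when the queue is full and the digit is dropped. */
int digit_queue_append(struct digit_queue *q, char digit)
{
    const char *nul = memchr(q->digits, '\0', sizeof(q->digits));
    size_t len = nul ? (size_t)(nul - q->digits) : sizeof(q->digits);

    /* Room is needed for the new digit and the terminator. An append
     * without this test writes past digits[] once the queue fills. */
    if (len + 1 >= sizeof(q->digits))
        return -1;

    q->digits[len] = digit;
    q->digits[len + 1] = '\0';
    return 0;
}

/* Feed `events` constructed keypad events into an empty queue.
 * Returns how many digits were accepted, or -1 if the canary changed. */
int simulate_keypad_events(int events)
{
    struct digit_queue q = { "", 0xC0FFEEu };
    int accepted = 0;

    for (int i = 0; i < events; i++)
        if (digit_queue_append(&q, (char)('0' + i % 10)) == 0)
            accepted++;

    return q.canary == 0xC0FFEEu ? accepted : -1;
}

int main(void)
{
    printf("accepted %d of 100 digits\n", simulate_keypad_events(100));
    return 0;
}
```

Dropping the digit when the queue is full is one possible policy chosen for this example; the page does not say how the patched code handles the rejected digit.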