]> git.ipfire.org Git - thirdparty/asterisk.git/commit
projects / thirdparty / asterisk.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e6c4a92) | patch
AST-2016-002 chan_sip.c: Fix retransmission timeout integer overflow. 69/2169/2
authorRichard Mudgett <rmudgett@digium.com>
Mon, 28 Sep 2015 22:07:42 +0000 (17:07 -0500)
committerRichard Mudgett <rmudgett@digium.com>
Wed, 3 Feb 2016 21:04:26 +0000 (15:04 -0600)
commit882e85388295eac8eebd0b82e71a9af0a769b41f
tree15a11428a41b6625889b082ed900abd03b3bccbdtree
parente6c4a926c2e83aa86b6a21db74493bd1fde2443ecommit | diff
AST-2016-002 chan_sip.c: Fix retransmission timeout integer overflow.

Setting the sip.conf timert1 value to a value higher than 1245 can cause
an integer overflow and result in large retransmit timeout times.  These
large timeout times hold system file descriptors hostage and can cause the
system to run out of file descriptors.

NOTE: The default sip.conf timert1 value is 500 which does not expose the
vulnerability.

* The overflow is now detected and the previous timeout time is
calculated.

ASTERISK-25397 #close
Reported by: Alexander Traud

Change-Id: Ia7231f2f415af1cbf90b923e001b9219cff46290
channels/chan_sip.c diff | blob | blame | history
Mirror of https://github.com/asterisk/asterisk.git