res_pjsip_authenticator_digest: Fix md5 hash buffer

An md5 hash is 32 bytes long. The char buffer must be at least 33 bytes to
avoid clobbering of the stack. This patch also fixes a potential clobbering
in test_utils.c.

Thanks to Andrew Nagy for reporting and testing this out in #asterisk-dev

Reported by: Andrew Nagy
Tested by: Andrew Nagy
........

Merged revisions 404843 from http://svn.asterisk.org/svn/asterisk/branches/12

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@404844 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/res/res_pjsip_authenticator_digest.c b/res/res_pjsip_authenticator_digest.c
index e0f633fceb497977b6897411ec14cfcf8bbf8b33..3485a69af26cdb4f3993d16a0cd18c041ad25c73 100644 (file)
--- a/res/res_pjsip_authenticator_digest.c
+++ b/res/res_pjsip_authenticator_digest.c
@@ -200,7 +200,7 @@ static int build_nonce(struct ast_str **nonce, const char *timestamp, const pjsi
 {
        struct ast_str *str = ast_str_alloca(256);
        RAII_VAR(char *, eid, ao2_global_obj_ref(entity_id), ao2_cleanup);
-       char hash[32];
+       char hash[33];
 
        ast_str_append(&str, 0, "%s", timestamp);
        ast_str_append(&str, 0, ":%s", rdata->pkt_info.src_name);

diff --git a/tests/test_utils.c b/tests/test_utils.c
index f956e5b27be2e294da560a70dce17fcaed46709e..9150fccf416151b347c6544e63c27332062d7543 100644 (file)
--- a/tests/test_utils.c
+++ b/tests/test_utils.c
@@ -202,7 +202,7 @@ AST_TEST_DEFINE(md5_test)
        ast_test_status_update(test, "Testing MD5 ...\n");
 
        for (i = 0; i < ARRAY_LEN(tests); i++) {
-               char md5_hash[32];
+               char md5_hash[33];
                ast_md5_hash(md5_hash, tests[i].input);
                if (strcasecmp(md5_hash, tests[i].expected_output)) {
                        ast_test_status_update(test,