git.ipfire.org Git - thirdparty/asterisk.git/commit

author	Sean Bright <sean.bright@gmail.com>
	Thu, 16 Aug 2018 15:45:53 +0000 (11:45 -0400)
committer	Richard Mudgett <rmudgett@digium.com>
	Thu, 20 Sep 2018 16:18:57 +0000 (11:18 -0500)
commit	339bf0cf7b40c3d4169a449ea6aad767850a5b51
tree	13202bb66c5c71c5eb334824866da138d0d4f8b9	tree \| snapshot
parent	84b60aeb70e074f566b46e7c1df750e09b2065f7	commit \| diff

AST-2018-009: Fix crash processing websocket HTTP Upgrade requests

The HTTP request processing in res_http_websocket allocates additional
space on the stack for various headers received during an Upgrade request.
An attacker could send a specially crafted request that causes this code
to overflow the stack, resulting in a crash.

* No longer allocate memory from the stack in a loop to parse the header
values.  NOTE: There is a slight API change when using the passed in
strings as is.  We now require the passed in strings to no longer have
leading or trailing whitespace.  This isn't a problem as the only callers
have already done this before passing the strings to the affected
function.

ASTERISK-28013 #close

Change-Id: Ia564825a8a95e085fd17e658cb777fe1afa8091a