[Pkg-voip-commits] r1826 - in iaxclient/trunk/debian: . patches
Mikael Magnusson
mikma-guest at costa.debian.org
Mon Jun 12 00:28:23 UTC 2006
Author: mikma-guest
Date: 2006-06-12 00:28:21 +0000 (Mon, 12 Jun 2006)
New Revision: 1826
Added:
iaxclient/trunk/debian/patches/270_iax2_CORE-2006-0327.dpatch
Modified:
iaxclient/trunk/debian/changelog
iaxclient/trunk/debian/patches/00list
Log:
* Fix IAXclient truncated frames vulnerabilities; see CORE-2006-0327
Modified: iaxclient/trunk/debian/changelog
===================================================================
--- iaxclient/trunk/debian/changelog 2006-06-10 19:08:09 UTC (rev 1825)
+++ iaxclient/trunk/debian/changelog 2006-06-12 00:28:21 UTC (rev 1826)
@@ -1,8 +1,9 @@
-iaxclient (0.0+svn20060520-2) UNRELEASED; urgency=low
+iaxclient (0.0+svn20060520-2) unstable; urgency=high
- * NOT RELEASED YET
+ [ Mikael Magnusson ]
+ * Fix IAXclient truncated frames vulnerabilities; see CORE-2006-0327
- -- Kilian Krause <kilian at debian.org> Fri, 9 Jun 2006 22:10:39 +0000
+ -- Mikael Magnusson <mikma at users.sourceforge.net> Mon, 12 Jun 2006 02:21:23 +0200
iaxclient (0.0+svn20060520-1) unstable; urgency=low
Modified: iaxclient/trunk/debian/patches/00list
===================================================================
--- iaxclient/trunk/debian/patches/00list 2006-06-10 19:08:09 UTC (rev 1825)
+++ iaxclient/trunk/debian/patches/00list 2006-06-12 00:28:21 UTC (rev 1826)
@@ -13,3 +13,4 @@
250_incoming_ringing
200_version
260_timer
+270_iax2_CORE-2006-0327.dpatch
Added: iaxclient/trunk/debian/patches/270_iax2_CORE-2006-0327.dpatch
===================================================================
--- iaxclient/trunk/debian/patches/270_iax2_CORE-2006-0327.dpatch 2006-06-10 19:08:09 UTC (rev 1825)
+++ iaxclient/trunk/debian/patches/270_iax2_CORE-2006-0327.dpatch 2006-06-12 00:28:21 UTC (rev 1826)
@@ -0,0 +1,26 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 270_iax2_undersized.dpatch by <mikma at users.sourceforge.net>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix IAXclient truncated frames vulnerabilities; see CORE-2006-0327
+
+ at DPATCH@
+diff -urNad iaxclient-0.0+svn20060520~/lib/libiax2/src/iax.c iaxclient-0.0+svn20060520/lib/libiax2/src/iax.c
+--- iaxclient-0.0+svn20060520~/lib/libiax2/src/iax.c 2006-06-11 23:46:56.000000000 +0200
++++ iaxclient-0.0+svn20060520/lib/libiax2/src/iax.c 2006-06-11 23:47:28.000000000 +0200
+@@ -2901,6 +2901,7 @@
+ if (len < sizeof(struct ast_iax2_full_hdr)) {
+ DEBU(G "Short header received from %s\n", inet_ntoa(sin->sin_addr));
+ IAXERROR "Short header received from %s\n", inet_ntoa(sin->sin_addr));
++ return NULL;
+ }
+ /* We have a full header, process appropriately */
+ session = iax_find_session(sin, ntohs(fh->scallno) & ~IAX_FLAG_FULL, ntohs(fh->dcallno) & ~IAX_FLAG_RETRANS, 1);
+@@ -2914,6 +2915,7 @@
+ if (len < sizeof(struct ast_iax2_mini_hdr)) {
+ DEBU(G "Short header received from %s\n", inet_ntoa(sin->sin_addr));
+ IAXERROR "Short header received from %s\n", inet_ntoa(sin->sin_addr));
++ return NULL;
+ }
+ /* Miniature, voice frame */
+ session = iax_find_session(sin, ntohs(fh->scallno), 0, 0);
Property changes on: iaxclient/trunk/debian/patches/270_iax2_CORE-2006-0327.dpatch
___________________________________________________________________
Name: svn:executable
+ *
More information about the Pkg-voip-commits
mailing list