[Pkg-voip-commits] r1862 - asterisk/tags/1.2.7.1.dfsg-3/debian/patches

Mark Purcell msp at costa.debian.org
Tue Jun 13 04:33:30 UTC 2006


Author: msp
Date: 2006-06-13 04:33:28 +0000 (Tue, 13 Jun 2006)
New Revision: 1862

Modified:
   asterisk/tags/1.2.7.1.dfsg-3/debian/patches/00list
   asterisk/tags/1.2.7.1.dfsg-3/debian/patches/99_CVE-2006-2898.dpatch
Log:
Modified CVE-2006-2898.dpatch for 1.2.7.1.dfsg

Modified: asterisk/tags/1.2.7.1.dfsg-3/debian/patches/00list
===================================================================
--- asterisk/tags/1.2.7.1.dfsg-3/debian/patches/00list	2006-06-13 04:24:31 UTC (rev 1861)
+++ asterisk/tags/1.2.7.1.dfsg-3/debian/patches/00list	2006-06-13 04:33:28 UTC (rev 1862)
@@ -1,5 +1,4 @@
 # ukcid probably conflicts with bristuff
-99_CVE-2006-2898.dpatch
 ukcid
 option_detach
 30_ast-data-dir.dpatch
@@ -15,3 +14,4 @@
 correct_pid_display
 zap_restart
 backport_playdtmf
+99_CVE-2006-2898.dpatch

Modified: asterisk/tags/1.2.7.1.dfsg-3/debian/patches/99_CVE-2006-2898.dpatch
===================================================================
--- asterisk/tags/1.2.7.1.dfsg-3/debian/patches/99_CVE-2006-2898.dpatch	2006-06-13 04:24:31 UTC (rev 1861)
+++ asterisk/tags/1.2.7.1.dfsg-3/debian/patches/99_CVE-2006-2898.dpatch	2006-06-13 04:33:28 UTC (rev 1862)
@@ -1,35 +1,36 @@
 #! /bin/sh /usr/share/dpatch/dpatch-run
-## 99_CVE-2006-NNNN.dpatch by Joey Schulze <joey at debian.org>
+## 99_CVE-2006-2898.dpatch by Joey Schulze <joey at debian.org>
 ##
 ## DP: Bug in the IAX2 channel allows remote attackers to craft
 ## DP: a denial of service.
 
 @DPATCH@
---- asterisk-1.0.7.dfsg.1.orig/channels/chan_iax2.c	2005-03-18 18:30:05.000000000 +0100
- ++ asterisk-1.0.7.dfsg.1/channels/chan_iax2.c	2006-06-07 08:17:19.000000000 +0200
-@@ -5064,10 +5064,20 @@ static int socket_read(int *id, int fd, 
+diff -urNad asterisk-1.2.7.1.dfsg~/channels/chan_iax2.c asterisk-1.2.7.1.dfsg/channels/chan_iax2.c
+--- asterisk-1.2.7.1.dfsg~/channels/chan_iax2.c	2006-03-31 20:11:26.000000000 +0100
++++ asterisk-1.2.7.1.dfsg/channels/chan_iax2.c	2006-06-13 05:30:16.000000000 +0100
+@@ -6322,10 +6322,20 @@
  		return 1;
  	}
  	if ((vh->zeros == 0) && (ntohs(vh->callno) & 0x8000)) {
 +		if (res < sizeof(*vh)) {
 +			ast_log(LOG_WARNING, "Rejecting packet from '%s.%d' that is flagged as a mini video frame but is too short\n", ast_inet_ntoa(iabuf, sizeof(iabuf), sin.sin_addr), ntohs(sin.sin_port));
 +			return 1;
-+			
++
 +		}
  		/* This is a video frame, get call number */
- 		fr.callno = find_callno(ntohs(vh->callno) & ~0x8000, dcallno, &sin, new, 1);
+ 		fr.callno = find_callno(ntohs(vh->callno) & ~0x8000, dcallno, &sin, new, 1, fd);
  		minivid = 1;
 -	} else if (meta->zeros == 0) {
 +	} else if ((meta->zeros == 0) && !(ntohs(meta->metacmd) & 0x8000)) {
 +		if (res < sizeof(*meta)) {
 +			ast_log(LOG_WARNING, "Rejecting packet from '%s.%d' that is flagged as a meta frame but is too short\n", ast_inet_ntoa(iabuf, sizeof(iabuf), sin.sin_addr), ntohs(sin.sin_port));
 +			return 1;
-+			
++
 +		}
+ 		unsigned char metatype;
  		/* This is a meta header */
  		switch(meta->metacmd) {
- 		case IAX_META_TRUNK:
-@@ -5164,7 +5174,7 @@ static int socket_read(int *id, int fd, 
+@@ -6450,7 +6460,7 @@
  	if (iaxdebug)
  		iax_showframe(NULL, fh, 1, &sin, res - sizeof(struct ast_iax2_full_hdr));
  #endif
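Review bot: In the new `else if` condition of the chan_iax2.c hunk, `ntohs(meta->metacmd) & 0x8000` byte-swaps a field that the `switch(meta->metacmd)` further down the same branch reads with no conversion, so the two uses disagree about the field's width. If `metacmd` is a single byte (its declaration is not visible here), the test sees that byte's top bit only on little-endian hosts and is always zero on big-endian ones; `} else if ((meta->zeros == 0) && !(meta->metacmd & 0x80)) {` would state the intent without depending on host byte order. Separately, `res < sizeof(*vh)` and `res < sizeof(*meta)` compare what appears to be a signed receive length against a `size_t`, so they are only sound if an earlier check, outside this hunk, has already rejected a negative `res`. A short comment such as `/* res >= 0 was checked above */` would record that assumption. The enclosing function starts and ends outside the hunk, so both points should be confirmed against the full file.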



