[Pkg-voip-commits] r1862 -
asterisk/tags/1.2.7.1.dfsg-3/debian/patches
Mark Purcell
msp at costa.debian.org
Tue Jun 13 04:33:30 UTC 2006
Author: msp
Date: 2006-06-13 04:33:28 +0000 (Tue, 13 Jun 2006)
New Revision: 1862
Modified:
asterisk/tags/1.2.7.1.dfsg-3/debian/patches/00list
asterisk/tags/1.2.7.1.dfsg-3/debian/patches/99_CVE-2006-2898.dpatch
Log:
Modified CVE-2006-2898.dpatch for 1.2.7.1.dfsg
Modified: asterisk/tags/1.2.7.1.dfsg-3/debian/patches/00list
===================================================================
--- asterisk/tags/1.2.7.1.dfsg-3/debian/patches/00list 2006-06-13 04:24:31 UTC (rev 1861)
+++ asterisk/tags/1.2.7.1.dfsg-3/debian/patches/00list 2006-06-13 04:33:28 UTC (rev 1862)
@@ -1,5 +1,4 @@
# ukcid probably conflicts with bristuff
-99_CVE-2006-2898.dpatch
ukcid
option_detach
30_ast-data-dir.dpatch
@@ -15,3 +14,4 @@
correct_pid_display
zap_restart
backport_playdtmf
+99_CVE-2006-2898.dpatch
Modified: asterisk/tags/1.2.7.1.dfsg-3/debian/patches/99_CVE-2006-2898.dpatch
===================================================================
--- asterisk/tags/1.2.7.1.dfsg-3/debian/patches/99_CVE-2006-2898.dpatch 2006-06-13 04:24:31 UTC (rev 1861)
+++ asterisk/tags/1.2.7.1.dfsg-3/debian/patches/99_CVE-2006-2898.dpatch 2006-06-13 04:33:28 UTC (rev 1862)
@@ -1,35 +1,36 @@
#! /bin/sh /usr/share/dpatch/dpatch-run
-## 99_CVE-2006-NNNN.dpatch by Joey Schulze <joey at debian.org>
+## 99_CVE-2006-2898.dpatch by Joey Schulze <joey at debian.org>
##
## DP: Bug in the IAX2 channel allows remote attackers to craft
## DP: a denial of service.
@DPATCH@
---- asterisk-1.0.7.dfsg.1.orig/channels/chan_iax2.c 2005-03-18 18:30:05.000000000 +0100
- ++ asterisk-1.0.7.dfsg.1/channels/chan_iax2.c 2006-06-07 08:17:19.000000000 +0200
-@@ -5064,10 +5064,20 @@ static int socket_read(int *id, int fd,
+diff -urNad asterisk-1.2.7.1.dfsg~/channels/chan_iax2.c asterisk-1.2.7.1.dfsg/channels/chan_iax2.c
+--- asterisk-1.2.7.1.dfsg~/channels/chan_iax2.c 2006-03-31 20:11:26.000000000 +0100
++++ asterisk-1.2.7.1.dfsg/channels/chan_iax2.c 2006-06-13 05:30:16.000000000 +0100
+@@ -6322,10 +6322,20 @@
return 1;
}
if ((vh->zeros == 0) && (ntohs(vh->callno) & 0x8000)) {
+ if (res < sizeof(*vh)) {
+ ast_log(LOG_WARNING, "Rejecting packet from '%s.%d' that is flagged as a mini video frame but is too short\n", ast_inet_ntoa(iabuf, sizeof(iabuf), sin.sin_addr), ntohs(sin.sin_port));
+ return 1;
-+
++
+ }
/* This is a video frame, get call number */
- fr.callno = find_callno(ntohs(vh->callno) & ~0x8000, dcallno, &sin, new, 1);
+ fr.callno = find_callno(ntohs(vh->callno) & ~0x8000, dcallno, &sin, new, 1, fd);
minivid = 1;
- } else if (meta->zeros == 0) {
+ } else if ((meta->zeros == 0) && !(ntohs(meta->metacmd) & 0x8000)) {
+ if (res < sizeof(*meta)) {
+ ast_log(LOG_WARNING, "Rejecting packet from '%s.%d' that is flagged as a meta frame but is too short\n", ast_inet_ntoa(iabuf, sizeof(iabuf), sin.sin_addr), ntohs(sin.sin_port));
+ return 1;
-+
++
+ }
+ unsigned char metatype;
/* This is a meta header */
switch(meta->metacmd) {
- case IAX_META_TRUNK:
-@@ -5164,7 +5174,7 @@ static int socket_read(int *id, int fd,
+@@ -6450,7 +6460,7 @@
if (iaxdebug)
iax_showframe(NULL, fh, 1, &sin, res - sizeof(struct ast_iax2_full_hdr));
#endif
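Review bot: Both added length checks, `if (res < sizeof(*vh))` and `if (res < sizeof(*meta))`, compare `res` against a `size_t`, so if `res` is a signed receive length (its declaration is outside the hunk) a negative value would convert to a large unsigned number and pass. The checks are therefore only sound if an earlier test, presumably the one ending in the `return 1; }` context lines, has already rejected `res < 0`. A comment such as `/* res is non-negative here; reject frames shorter than the header before using its fields */` above each check would record that dependency. Separately, in the meta branch `unsigned char metatype;` is declared after the `if (res < sizeof(*meta)) { ... }` block; moving it to the first line of the `else if` body avoids a declaration after a statement, which C89 compilers reject and `-Wdeclaration-after-statement` flags. The enclosing function starts and ends outside the hunk.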