[Pkg-voip-commits] r8833 - in /asterisk/branches/lenny-security/debian: changelog patches/AST-2011-003 patches/series

tzafrir at alioth.debian.org
Thu Mar 17 11:11:35 UTC 2011


Author: tzafrir
Date: Thu Mar 17 11:11:32 2011
New Revision: 8833

URL: http://svn.debian.org/wsvn/pkg-voip/?sc=1&rev=8833
Log:
Patch AST-2011-003: Potential DoS attack on the manager interface.

Added:
    asterisk/branches/lenny-security/debian/patches/AST-2011-003
Modified:
    asterisk/branches/lenny-security/debian/changelog
    asterisk/branches/lenny-security/debian/patches/series

Modified: asterisk/branches/lenny-security/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/lenny-security/debian/changelog?rev=8833&op=diff
==============================================================================
--- asterisk/branches/lenny-security/debian/changelog (original)
+++ asterisk/branches/lenny-security/debian/changelog Thu Mar 17 11:11:32 2011
@@ -1,9 +1,10 @@
 asterisk (1:1.4.21.2~dfsg-3+lenny2.1) oldstable-security; urgency=low
 
-  * Patch AST-2011-002: Multiple crash vulnerabilities in UDPTL code. 
+  * Patch AST-2011-002: Multiple crash vulnerabilities in UDPTL code.
+  * Patch AST-2011-003: Potential DoS attac on the manager interface.
   * My new @debian.org address
 
- -- Tzafrir Cohen <tzafrir at debian.org>  Tue, 22 Feb 2011 14:23:45 +0200
+ -- Tzafrir Cohen <tzafrir at debian.org>  Thu, 17 Mar 2011 12:21:06 +0200
 
 asterisk (1:1.4.21.2~dfsg-3+lenny2) oldstable-security; urgency=high
 
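Review bot: typo in the new changelog line, `attac` should read `attack`: `  * Patch AST-2011-003: Potential DoS attack on the manager interface.` The same wording is used in the commit log, so fix both before upload.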

Added: asterisk/branches/lenny-security/debian/patches/AST-2011-003
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/lenny-security/debian/patches/AST-2011-003?rev=8833&op=file
==============================================================================
--- asterisk/branches/lenny-security/debian/patches/AST-2011-003 (added)
+++ asterisk/branches/lenny-security/debian/patches/AST-2011-003 Thu Mar 17 11:11:32 2011
@@ -1,0 +1,52 @@
+Description: Resource exhaustion in Asterisk Manager Interface
+Origin: http://downloads.asterisk.org/pub/security/AST-2011-003-1.6.1.diff
+
+Rapidly opening manager connections, sending invalid data, and closing the
+connection can cause Asterisk to exhaust available CPU and memory resources.
+
+The manager interface is disabled by default in upstream, but enabled
+by default (listening on localhost only) in the version in Debian 5.0 (Lenny)
+and 6.0 (Squeeze).
+
+Backported from the upstream patch for 1.6.1.
+See also http://downloads.asterisk.org/pub/security/AST-2011-003.html
+
+diff --git a/main/manager.c b/main/manager.c
+index 2dc7664..f89a84d 100644
+--- a/main/manager.c
++++ b/main/manager.c
+@@ -180,6 +180,7 @@ struct mansession {
+ 	int writetimeout;
+ 	int pending_event;         /*!< Pending events indicator in case when waiting_thread is NULL */
+ 	AST_LIST_ENTRY(mansession) list;
++	int write_error:1;
+ };
+ 
+ static AST_LIST_HEAD_STATIC(sessions, mansession);
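Review bot: `int write_error:1;` is a plain `int` one-bit bitfield, which is signed on most compilers (GCC included), so the only values it can hold are 0 and -1 and the later `s->write_error = 1` is an out-of-range store with implementation-defined result (GCC happens to yield -1, which still tests true in `|| s->write_error`). Declare the flag as `unsigned int write_error:1;` so that assigning 1 is well defined and the field reads as a boolean rather than relying on compiler behaviour.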
+@@ -494,9 +495,14 @@ void astman_append(struct mansession *s, const char *fmt, ...)
+ 	ast_dynamic_str_thread_set_va(&buf, 0, &astman_append_buf, fmt, ap);
+ 	va_end(ap);
+ 	
+-	if (s->fd > -1)
+-		ast_carefulwrite(s->fd, buf->str, strlen(buf->str), s->writetimeout);
+-	else {
++	if (s->fd > -1) {
++		int res;
++
++		res = ast_carefulwrite(s->fd, buf->str, strlen(buf->str), s->writetimeout);
++		if (res) {
++			s->write_error = 1;
++		}
++	} else {
+ 		if (!s->outputstr && !(s->outputstr = ast_calloc(1, sizeof(*s->outputstr)))) {
+ 			ast_mutex_unlock(&s->__lock);
+ 			return;
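Review bot: once `write_error` has been set, the next astman_append call on the same session still goes into `ast_carefulwrite(s->fd, ...)` and is handed `s->writetimeout` again, so a caller that emits many appends before control returns to session_do keeps writing to a connection already known to be dead. Consider short-circuiting at the top of the `if` branch, e.g. `if (s->fd > -1 && !s->write_error) {`, or returning early when the flag is set, mirroring the `ast_mutex_unlock(&s->__lock)` the `else` branch performs before its own early return so the lock is not leaked.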
+@@ -2314,7 +2320,7 @@ static void *session_do(void *data)
+ 	
+ 	astman_append(s, "Asterisk Call Manager/1.0\r\n");
+ 	for (;;) {
+-		if ((res = do_message(s)) < 0)
++		if ((res = do_message(s)) < 0 || s->write_error)
+ 			break;
+ 	}
+ 	if (s->authenticated) {
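Review bot: the banner write `astman_append(s, "Asterisk Call Manager/1.0\r\n");` just above the loop can itself set `write_error`, but because of the `||` ordering the flag is only consulted after `do_message(s)` has run once, so a client whose very first write already failed still gets a full do_message read cycle. Test the flag first, `if (s->write_error || (res = do_message(s)) < 0)`, or check it before entering the loop. Also confirm (not visible in this hunk) that the mansession is allocated with ast_calloc, since nothing here initialises the new bitfield and a stale non-zero value would drop the session immediately.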

Modified: asterisk/branches/lenny-security/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/lenny-security/debian/patches/series?rev=8833&op=diff
==============================================================================
--- asterisk/branches/lenny-security/debian/patches/series (original)
+++ asterisk/branches/lenny-security/debian/patches/series Thu Mar 17 11:11:32 2011
@@ -103,3 +103,4 @@
 ast_uri_validhex
 AST-2011-001
 AST-2011-002
+AST-2011-003
