[Pkg-voip-commits] [asterisk] 08/10: AST-2016-002: File descriptor exhaustion in chan_sip (CVE-2016-2316)

Bernhard Schmidt berni at moszumanska.debian.org
Sun Oct 23 19:48:53 UTC 2016


This is an automated email from the git hooks/post-receive script.

berni pushed a commit to branch jessie
in repository asterisk.

commit 686019ee8d096b4e57108cebc59bb39b4e11ee8c
Author: Bernhard Schmidt <berni at debian.org>
Date:   Sun Oct 9 19:36:15 2016 +0200

    AST-2016-002: File descriptor exhaustion in chan_sip (CVE-2016-2316)
---
 debian/patches/AST-2016-002-11.diff | 18 ++++++++++++++++++
 debian/patches/series               |  1 +
 2 files changed, 19 insertions(+)

diff --git a/debian/patches/AST-2016-002-11.diff b/debian/patches/AST-2016-002-11.diff
new file mode 100644
index 0000000..263c342
--- /dev/null
+++ b/debian/patches/AST-2016-002-11.diff
@@ -0,0 +1,18 @@
+diff --git a/channels/chan_sip.c b/channels/chan_sip.c
+index 6ebdd94..db3c49f 100644
+--- a/channels/chan_sip.c
++++ b/channels/chan_sip.c
+@@ -3980,6 +3980,13 @@ static int retrans_pkt(const void *data)
+ 			}
+ 
+ 			/* For non-invites, a maximum of 4 secs */
++			if (INT_MAX / pkt->timer_a < pkt->timer_t1) {
++				/*
++				 * Uh Oh, we will have an integer overflow.
++				 * Recalculate previous timeout time instead.
++				 */
++				pkt->timer_a = pkt->timer_a / 2;
++			}
+ 			siptimer_a = pkt->timer_t1 * pkt->timer_a;	/* Double each time */
+ 			if (pkt->method != SIP_INVITE && siptimer_a > 4000) {
+ 				siptimer_a = 4000;
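Review bot: the guard `if (INT_MAX / pkt->timer_a < pkt->timer_t1)` divides by `pkt->timer_a`, so it is only safe if `timer_a` can never be zero at this point; the hunk does not show where `timer_a` is initialised, so that precondition should be confirmed (or the check written as `pkt->timer_a != 0 &&` ...) before relying on it. The guard also needs `INT_MAX` from `<limits.h>`, which this hunk does not add, so the patch assumes `chan_sip.c` already includes it. On the logic itself, halving `timer_a` before `siptimer_a = pkt->timer_t1 * pkt->timer_a` keeps the product inside `int` range, which matters most for INVITEs, since the visible `siptimer_a > 4000` cap on the following line applies only to non-INVITE methods; a one-line comment saying the halving is deliberate for INVITE retransmits (rather than "Uh Oh") would make the intent clearer to the next maintainer.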
diff --git a/debian/patches/series b/debian/patches/series
index ca582c3..4123fd4 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -40,5 +40,6 @@ AST-2014-017.patch
 AST-2014-018.patch
 AST-2014-019.patch
 AST-2015-003-11.diff
+AST-2016-002-11.diff
 AST-2016-003-11.diff
 AST-2016-007.patch
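Review bot: `AST-2016-002-11.diff` is inserted between `AST-2015-003-11.diff` and `AST-2016-003-11.diff`, which matches the advisory-number ordering and the `-11.diff` naming of the neighbouring Asterisk 11 backports; since the new patch and `AST-2016-003-11.diff` both touch `channels/chan_sip.c`, it is worth confirming that the quilt series still applies cleanly in this order (`quilt push -a`) before the upload.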

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-voip/asterisk.git
