diff options
author | mmichelson <mmichelson@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-03-13 21:31:44 +0000 |
---|---|---|
committer | mmichelson <mmichelson@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-03-13 21:31:44 +0000 |
commit | eb11aea4dd1c7ab481610065ef2956923cad2123 (patch) | |
tree | 63744e9dbafec270e628e34081ebd64fdb5f0105 /main | |
parent | e5d94681c0a592fbc38cde475cc7ac6d26e528be (diff) |
Merged revisions 108529 via svnmerge from
https://origsvn.digium.com/svn/asterisk/trunk
........
r108529 | mmichelson | 2008-03-13 15:59:00 -0500 (Thu, 13 Mar 2008) | 11 lines
Fixing a potential buffer overflow in the manager command ModuleCheck.
Though this overflow is exploitable remotely, we are NOT issuing a security
advisory for this since in order to exploit the overflow, the attacker would
have to establish an authenticated manager session AND have the system privilege.
By gaining this privilege, the attacker already has more powerful weapons at his
disposal than overflowing a buffer with a malformed manager header, so the vulnerability
in this case really lies with the authentication method that allowed the attacker to
gain the system privilege in the first place.
........
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.6.0@108582 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'main')
-rw-r--r-- | main/manager.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/main/manager.c b/main/manager.c index f7317c709..72e154f6c 100644 --- a/main/manager.c +++ b/main/manager.c @@ -2565,14 +2565,14 @@ static int manager_modulecheck(struct mansession *s, const struct message *m) } else { cut = filename + strlen(filename); } - sprintf(cut, ".so"); + snprintf(cut, sizeof(filename) - cut - 1, ".so"); ast_log(LOG_DEBUG, "**** ModuleCheck .so file %s\n", filename); res = ast_module_check(filename); if (!res) { astman_send_error(s, m, "Module not loaded"); return 0; } - sprintf(cut, ".c"); + snprintf(cut, sizeof(filename) - cut - 1, ".c"); ast_log(LOG_DEBUG, "**** ModuleCheck .c file %s\n", filename); version = ast_file_version_find(filename); |