| Summary: | ASTERISK-20349: DEBUG_MALLOC version of ast_strndup() may cause buffer overflow | ||
| Reporter: | Brent Eagles (beagles) | Labels: | |
| Date Opened: | 2012-08-31 11:51:44 | Date Closed: | 2012-09-07 18:15:08 | 
| Priority: | Major | Regression? | |
| Status: | Closed/Complete | Components: | Core/AstMM | 
| Versions: | 11.0.0-beta1 | Frequency of Occurrence | Constant | 
| Related Issues: | |||
| Environment: | Attachments: | ||
| Description: | In astmm.c, __ast_strndup() calls strcpy() causing strlen(source) characters to be copied into a destination buffer that is sized according to the number of characters to be copied (n), where n may be less than strlen(source). High fence violations are correctly reported if strlen(source) > n. | ||
| Comments: | By: Brent Eagles (beagles) 2012-08-31 11:52:28.653-0500 The problem was initially encountered while testing Asterisk ICE support. | ||
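
The copy pattern described in this issue next to a bounded form, as an added example that is not the astmm.c code. All names (`fenced_alloc`, `fence_intact`, `bounded_len`, `strndup_buggy`, `strndup_fixed`) and the guard constants are constructed; the guard region is a simplified stand-in for the DEBUG_MALLOC high fence. The sample input is short enough that the overrun stays inside the guard.

```c
#include <stdlib.h>
#include <string.h>
#define FENCE_LEN 32     /* constructed guard size; absorbs the demo overrun */
#define FENCE_BYTE 0xde  /* constructed guard pattern */

/* Allocate `size` usable bytes followed by FENCE_LEN guard bytes. */
static char *fenced_alloc(size_t size) {
    unsigned char *p = malloc(size + FENCE_LEN);
    if (p) memset(p + size, FENCE_BYTE, FENCE_LEN);
    return (char *) p;
}

/* Return 1 if the guard after the `size` usable bytes is untouched. */
static int fence_intact(const char *buf, size_t size) {
    size_t i;
    for (i = 0; i < FENCE_LEN; i++)
        if ((unsigned char) buf[size + i] != FENCE_BYTE) return 0;
    return 1;
}

/* Length of src capped at n, without reading past n bytes. */
static size_t bounded_len(const char *src, size_t n) {
    const char *nul = memchr(src, '\0', n);
    return nul ? (size_t) (nul - src) : n;
}

/* Reported pattern: buffer sized from n, copy length set by strlen(src). */
static char *strndup_buggy(const char *src, size_t n, size_t *usable) {
    char *dst = fenced_alloc(*usable = bounded_len(src, n) + 1);
    if (dst) strcpy(dst, src);  /* writes strlen(src) + 1 bytes, ignoring n */
    return dst;
}

/* Bounded form: copy only the bytes the buffer was sized for, then terminate. */
static char *strndup_fixed(const char *src, size_t n, size_t *usable) {
    size_t len = bounded_len(src, n);
    char *dst = fenced_alloc(*usable = len + 1);
    if (dst) { memcpy(dst, src, len); dst[len] = '\0'; }
    return dst;
}

int main(void) {  /* exits 0 when the guard check catches the overrun */
    size_t u;
    char *bad = strndup_buggy("sip:alice@example.org", 3, &u);  /* constructed input */
    int hit = bad && !fence_intact(bad, u);
    free(bad);
    return hit ? 0 : 1;
}
```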