| Summary: | ASTERISK-25304: res_pjsip: XML sanitization may write past buffer | ||
| Reporter: | Joshua C. Colp (jcolp) | Labels: | |
| Date Opened: | 2015-08-05 06:02:00 | Date Closed: | 2015-08-07 10:25:11 |
| Priority: | Major | Regression? | No |
| Status: | Closed/Complete | Components: | Resources/res_pjsip |
| Versions: | 13.4.0 | Frequency of Occurrence | |
| Related Issues: | |||
| Environment: | Attachments: | ||
| Description: | The ast_sip_sanitize_xml function currently uses the strncat function incorrectly. The length provided to it may cause it to write past the provided output buffer into other memory. This can cause a crash. The crash may result from the writing or because the PJSIP library expects the value to be NULL terminated when it is not. | ||
| Comments: | |||