[Pkg-voip-commits] r4232 - in asterisk/branches/sarge/debian: . patches

paravoid at alioth.debian.org paravoid at alioth.debian.org
Thu Aug 23 00:40:34 UTC 2007 

Author: paravoid
Date: 2007-08-23 00:40:33 +0000 (Thu, 23 Aug 2007)
New Revision: 4232

Added:
   asterisk/branches/sarge/debian/patches/99_CVE-2006-5444.dpatch
Modified:
   asterisk/branches/sarge/debian/changelog
   asterisk/branches/sarge/debian/patches/00list
Log:
* Non-maintainer upload
* Backported fix for buffer overflow in chan_skinny driver
  induced by an undetected integer underflow
  [debian/patches/99_CVE-2006-5444.dpatch] (Closes: #394025)

Modified: asterisk/branches/sarge/debian/changelog
===================================================================
--- asterisk/branches/sarge/debian/changelog	2007-08-23 00:39:13 UTC (rev 4231)
+++ asterisk/branches/sarge/debian/changelog	2007-08-23 00:40:33 UTC (rev 4232)
@@ -1,3 +1,12 @@
+asterisk (1:1.0.7.dfsg.1-2sarge4) stable-security; urgency=high
+
+  * Non-maintainer upload
+  * Backported fix for buffer overflow in chan_skinny driver
+    induced by an undetected integer underflow
+    [debian/patches/99_CVE-2006-5444.dpatch] (Closes: #394025)
+
+ -- Ben Hutchings <ben at decadent.org.uk>  Sat, 25 Nov 2006 16:12:26 +0000
+
 asterisk (1:1.0.7.dfsg.1-2sarge3) stable-security; urgency=high
 
   * Non-maintainer upload by the Security Team

Modified: asterisk/branches/sarge/debian/patches/00list
===================================================================
--- asterisk/branches/sarge/debian/patches/00list	2007-08-23 00:39:13 UTC (rev 4231)
+++ asterisk/branches/sarge/debian/patches/00list	2007-08-23 00:40:33 UTC (rev 4232)
@@ -16,3 +16,5 @@
 99_CVE-2005-3559.dpatch
 99_CVE-2006-1827.dpatch
 99_CVE-2006-2898.dpatch
+99_CVE-2006-5444.dpatch
+

Added: asterisk/branches/sarge/debian/patches/99_CVE-2006-5444.dpatch
===================================================================
--- asterisk/branches/sarge/debian/patches/99_CVE-2006-5444.dpatch	                        (rev 0)
+++ asterisk/branches/sarge/debian/patches/99_CVE-2006-5444.dpatch	2007-08-23 00:40:33 UTC (rev 4232)
@@ -0,0 +1,27 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 99_CVE-2006-5444.dpatch by <ben at decadent.org.uk>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix buffer overflow in chan_skinny driver induced by an undetected
+## DP: integer underflow (CVE-2006-5444).
+## DP: Remove bogus mutex unlock in case it can cause denial of service.
+
+ at DPATCH@
+--- asterisk-1.0.7.dfsg.1/channels/chan_skinny.c.orig	2006-10-20 00:10:49.000000000 +0000
++++ asterisk-1.0.7.dfsg.1/channels/chan_skinny.c	2006-10-20 00:16:37.000000000 +0000
+@@ -2305,10 +2305,14 @@
+ 			return -1;
+ 		}
+ 		dlen = *(int *)s->inbuf;
++		if (dlen < 0) {
++			ast_log(LOG_WARNING, "Skinny Client sent invalid data.\n");
++			return -1;
++		}
+ 		if (dlen+8 > sizeof(s->inbuf))
+ 			dlen = sizeof(s->inbuf) - 8;
++		*(int *)s->inbuf = dlen;
+ 		res = read(s->fd, s->inbuf+4, dlen+4);
+-		ast_mutex_unlock(&s->lock);
+ 		if (res != (dlen+4)) {
+ 			ast_log(LOG_WARNING, "Skinny Client sent less data than expected.\n");
+ 			return -1;

More information about the Pkg-voip-commits mailing list