Re: [Iaxclient-devel] possible security hole in iax.c

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi all,

I am attaching a patch that fixes the forementioned problems. The code
that was added to handle mini video frames also has a problem -  in case
the received frame is a mini video frame, a check is done only against
the size of an audio miniheader, which is smaller, so a vulnerability
similar to the one from Advisory ID: CORE-2006-0327 (coresecurity.com)
is again present in iaxclient. This patch should fix it.

Best regards
Alex