Menu
▾
▴
Re: [Iaxclient-devel] possible security hole in iax.c
|
From: Alexander V. <ava...@vo...> - 2008-04-22 21:49:16
|
Hmm, seems the patch was broken, here is a newly generated one that works Regards Alex Alexander Vassilev wrote: > Hi all, > > I am attaching a patch that fixes the forementioned problems. The code > that was added to handle mini video frames also has a problem - in case > the received frame is a mini video frame, a check is done only against > the size of an audio miniheader, which is smaller, so a vulnerability > similar to the one from Advisory ID: CORE-2006-0327 (coresecurity.com) > is again present in iaxclient. This patch should fix it. > > Best regards > Alex > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by the 2008 JavaOne(SM) Conference > Don't miss this year's exciting event. There's still time to save $100. > Use priority code J8TL2D2. > http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone > ------------------------------------------------------------------------ > > _______________________________________________ > Iaxclient-devel mailing list > Iax...@li... > https://lists.sourceforge.net/lists/listinfo/iaxclient-devel |
