On Sat, 2007-03-03 at 22:45 +0100, Moritz Muehlenhoff wrote:
> On Mon, Feb 26, 2007 at 08:38:01AM +0100, Lionel Elie Mamane wrote:
> > On Sun, Feb 25, 2007 at 11:53:09PM +0000, Ben Hutchings wrote:
> > > Lionel Elie Mamane <[EMAIL PROTECTED]> wrote:
> >
> > >> I'm now next to the machine and after some cable fiddling, it seems
> > >> that despite the warning, basic functionality still works; it can
> > >> answer to calls and make calls.
> >
> > > I'm glad to hear that. Did you apply both the isdnutils and
> > > asterisk-chan-capi patches (they are both needed to close the security
> > > hole)?
> >
> > I tested only asterisk-chan-capi, my own recompile of your source
> > package. I tested the sid version.
> >
> > Time permitting, I may give the isdnutils and kernel patches a shot
> > during the week, as well as the sarge version of asterisk-chan-capi.
>
> According to the Linux ISDN maintainer CAPI messages triggering such an
> overflow cannot be sent over the ISDN network due to technical limits.

He actually wrote "It can be overflowed by a single evil message from a
local source, but not via the ISDN network." This means a single message
from the ISDN network cannot cause overflow. However, unless I'm missing
something that ensures capi_cmsg2str is only ever called from one thread,
two messages that are received around the same time could cause an
overflow. Hence the requirement for a mutex.

> I don't know asterisk-chan-capi, can CAPI messages originate otherwise?

Neither do I.

> If not, it probably doesn't need a fix for Etch.

Ben.

-- 
Ben Hutchings
Q. Which is the greater problem in the world today, ignorance or apathy?
A. I don't know and I couldn't care less.
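
The interleaving argued for in the reply above, replayed deterministically as an added example; it is not code from this thread, isdnutils or asterisk-chan-capi. It assumes the formatter appends through one shared cursor into one static buffer and rewinds that cursor at the start of each call; the sizes and every name below are constructed for the illustration.

```c
#include <pthread.h>
#include <stddef.h>
#include <stdio.h>

#define BUF_SIZE 64  /* constructed size of the shared output buffer */
#define MSG_LEN  40  /* text produced by one message; fits on its own */
#define CHUNK    10  /* bytes appended per formatting step */

/* Assumed design: every call appends through one shared cursor into one
 * static buffer. Only the cursor is modelled, so nothing is overrun here. */
static size_t cursor, high_water;  /* next write offset; furthest reached */
static pthread_mutex_t fmt_lock = PTHREAD_MUTEX_INITIALIZER;
struct call { size_t done; };      /* bytes this call has appended so far */

/* One step of a call: its first step rewinds the shared cursor, and every
 * step appends CHUNK bytes. Returns 0 once the call has finished. */
static int step(struct call *c) {
    if (c->done == MSG_LEN) return 0;
    if (c->done == 0) cursor = 0;
    cursor += CHUNK;
    c->done += CHUNK;
    if (cursor > high_water) high_water = cursor;
    return 1;
}

/* No lock: two calls arriving together, replayed alternately step by step. */
static size_t run_unlocked(void) {
    struct call a = {0}, b = {0};
    int more;
    cursor = high_water = 0;
    do { more = step(&a); more |= step(&b); } while (more);
    return high_water;
}

/* Mutex held for each whole call (uncontended in this one-thread replay). */
static size_t run_locked(void) {
    cursor = high_water = 0;
    for (int i = 0; i < 2; i++) {
        struct call c = {0};
        pthread_mutex_lock(&fmt_lock);
        while (step(&c)) { }
        pthread_mutex_unlock(&fmt_lock);
    }
    return high_water;
}

int main(void) {
    printf("unlocked %zu, locked %zu of %d\n", run_unlocked(), run_locked(), BUF_SIZE);
    return 0;
}
```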