Hi,

There is a buffer overflow in pjsip_method_init_np() calling pj_memcmp(). If the length of the string method_names[i] is shorter than str->slen then pj_memcmp() is comparing past the end of the method_names[i]->ptr buffer.

The log claims the pj_memcmp() call is a performance "improvement" but I don't see how this can make any meaningful difference here.

Kal
Attachment:
0001-Fix-global-buffer-overflow-sip_msg.c-254.patch
Description: Binary data
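
The over-read described in the message above, modeled as an added stand-alone example; it is not pjsip's code and not the attached patch. `str_t`, the table contents and all function names are assumptions made for illustration; only the `ptr`/`slen` field names come from the report.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical counted string with the ptr/slen fields named in the report. */
typedef struct { const char *ptr; size_t slen; } str_t;

/* Constructed table: entries have different lengths, as method names do. */
static const str_t method_names[] = {
    { "INVITE", 6 }, { "CANCEL", 6 }, { "ACK", 3 },
    { "BYE", 3 }, { "REGISTER", 8 }, { "OPTIONS", 7 },
};
#define METHOD_COUNT (sizeof(method_names) / sizeof(method_names[0]))

/* Helper (hypothetical): wrap a C string as a counted string. */
static str_t from_cstr(const char *s)
{
    str_t r = { s, strlen(s) };
    return r;
}

/* Bytes that memcmp(str->ptr, name->ptr, str->slen) may read past name's
 * slen bytes: nonzero whenever the input is longer than the table entry. */
static size_t overread_bytes(const str_t *str, const str_t *name)
{
    return str->slen > name->slen ? str->slen - name->slen : 0;
}

/* Bounded lookup: the length check runs first, so memcmp is only called
 * with a count that both buffers are known to hold. Returns index or -1. */
static int method_lookup(const str_t *str)
{
    size_t i;
    for (i = 0; i < METHOD_COUNT; ++i) {
        const str_t *name = &method_names[i];
        if (str->slen == name->slen &&
            memcmp(str->ptr, name->ptr, name->slen) == 0)
            return (int)i;
    }
    return -1;
}

int main(void)
{
    str_t in = from_cstr("REGISTER");
    printf("unchecked compare vs \"ACK\" would over-read by %zu bytes\n",
           overread_bytes(&in, &method_names[2]));
    printf("bounded lookup -> index %d\n", method_lookup(&in));
    return 0;
}
```

Building a reproduction with AddressSanitizer (`-fsanitize=address`) is a practical way to confirm this class of read past a global buffer.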