  1. FreeSWITCH
  2. FS-10001

Buffer overflow collecting digits

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.6.14
    • Fix Version/s: 1.8
    • Component/s: core
    • Security Level: public
    • Labels:
      None
    • CPU Architecture:
      x86-64
    • Kernel:
      Linux
    • Userland:
      GNU/Linux
    • Distribution:
      CentOS
    • Distribution Version:
      CentOS 7
    • Compiler:
      gcc
    • Compiler Version:
      gcc version 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC)
    • FreeSWITCH GIT Revision:
      FreeSWITCH Version 1.9.0+git~20170130T213633Z~230e8ac692~64bit (git 230e8ac 2017-01-30 21:36:33Z 64bit)
    • GIT Master Revision hash:
      230e8ac692b438988cfd224dd03af4f1b141dbaf

      Description

      It appears that while collecting DTMF digits using switch_ivr_collect_digits_count(), it is possible to overflow the input buffer. I have been able to reproduce this using eavesdrop while in an "idle" state and pressing DTMF. Although it didn't create a core, I think this is only by chance, but the buffer appears to be getting filled with digits beyond the size of the buffer. Since this function is used broadly throughout FS, I figured it was worth creating a separate story to track/fix this potential problem.
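
      The report does not include the faulty code. As an added illustration (not FreeSWITCH source and not the fix committed for this issue), here is a digit collector in C that cannot write past its buffer even when more digits arrive than it has room for. The function `collect_digits`, its parameters and the sample input are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical collector, not FreeSWITCH source. `input` stands in for the
 * stream of DTMF events (constructed sample data). */
size_t collect_digits(const char *input, char *buf, size_t buflen,
                      size_t maxdigits, const char *terminators)
{
    size_t n = 0;

    if (buf == NULL || buflen == 0 || input == NULL)
        return 0;
    buf[0] = '\0';

    /* Reserve one byte for the NUL and never trust the caller's digit
     * limit to be smaller than the buffer: clamp it to the capacity. */
    if (maxdigits > buflen - 1)
        maxdigits = buflen - 1;

    for (; *input != '\0' && n < maxdigits; input++) {
        if (terminators != NULL && strchr(terminators, *input) != NULL)
            break;                      /* terminator ends collection */
        if (strchr("0123456789*#ABCD", *input) == NULL)
            continue;                   /* ignore non-DTMF characters */
        buf[n++] = *input;
        buf[n] = '\0';                  /* n <= buflen - 1, so in bounds */
    }
    return n;
}

int main(void)
{
    char pin[5];                        /* room for 4 digits + NUL */
    /* Caller asks for up to 32 digits; 10 arrive before the terminator. */
    size_t n = collect_digits("1234567890#", pin, sizeof pin, 32, "#");
    printf("%zu digits: %s\n", n, pin);
    return 0;
}
```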

            People

            • Assignee:
              brian Brian West
              Reporter:
              mkrokosz Matthew Krokosz