mirror of https://github.com/asterisk/asterisk
The "Refer-to" header of an incoming REFER request is parsed by pjsip_parse_uri(). That function requires the URI parameter to be NULL terminated. Unfortunately, the previous code added the NULL terminator by overwriting memory that may not be safe. The overwritten memory results could be benign, memory corruption, or a segmentation fault. Now the URI is NULL terminated safely by copying the URI to a new chunk of memory with the correct size to be NULL terminated. ASTERISK-25814 #close Change-Id: I32565496684a5a49c3278fce06474b8c94b37342changes/60/2360/3
parent
aeef52db9f
commit
2b1b8e382a
Loading…
Reference in new issue