diff options
Diffstat (limited to 'main/asterisk/AST-2018-007.patch')
-rw-r--r-- | main/asterisk/AST-2018-007.patch | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/main/asterisk/AST-2018-007.patch b/main/asterisk/AST-2018-007.patch new file mode 100644 index 0000000000..1b641af134 --- /dev/null +++ b/main/asterisk/AST-2018-007.patch @@ -0,0 +1,55 @@ +From 380b5ae0a1e4a68bfb098319a7ab86d3d34c2fcb Mon Sep 17 00:00:00 2001 +From: Sean Bright <sean.bright@gmail.com> +Date: Mon, 16 Apr 2018 15:13:58 -0400 +Subject: [PATCH 1/1] AST-2018-007: iostreams potential DoS when client + connection closed prematurely + +Before Asterisk sends an HTTP response (at least in the case of errors), +it attempts to read & discard the content of the request. If the client +lies about the Content-Length, or the connection is closed from the +client side before "Content-Length" bytes are sent, the request handling +thread will busy loop. + +ASTERISK-27807 + +Change-Id: I945c5fc888ed92be625b8c35039fc6d2aa89c762 +--- + main/iostream.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/main/iostream.c b/main/iostream.c +index 4cddd43b6b..20188cb7a0 100644 +--- a/main/iostream.c ++++ b/main/iostream.c +@@ -197,11 +197,18 @@ static ssize_t iostream_read(struct ast_iostream *stream, void *buf, size_t size + } + } + break; ++ case SSL_ERROR_SYSCALL: ++ /* Some non-recoverable I/O error occurred. The OpenSSL error queue may ++ * contain more information on the error. For socket I/O on Unix systems, ++ * consult errno for details. */ ++ ast_debug(1, "TLS non-recoverable I/O error occurred: %s, %s\n", ERR_error_string(sslerr, err), ++ ssl_error_to_string(sslerr, res)); ++ return -1; + default: + /* Report EOF for an undecoded SSL or transport error. */ + ast_debug(1, "TLS transport or SSL error reading data: %s, %s\n", ERR_error_string(sslerr, err), + ssl_error_to_string(sslerr, res)); +- return 0; ++ return -1; + } + if (!ms) { + /* Report EOF for a timeout */ +@@ -317,7 +324,7 @@ ssize_t ast_iostream_discard(struct ast_iostream *stream, size_t size) + + while (remaining) { + ret = ast_iostream_read(stream, buf, remaining > sizeof(buf) ? sizeof(buf) : remaining); +- if (ret < 0) { ++ if (ret <= 0) { + return ret; + } + remaining -= ret; +-- +2.19.0 + |