Security Question

system · October 28, 2013, 3:11pm

I am researching about security vulnerabilities in the Asterisk product.
I saw in Asterisk Project Security Advisory - AST-2013-002 (downloads.asterisk.org/pub/secur … 13-002.pdf) that the value of the Content-Length is now capped at a maximum value of 1024 bytes.
Can I infer that any communication that I recieve with a content-length value over 1024 bytes will be malicious?

Thanks

david55 · October 28, 2013, 3:52pm

This relates to HTTP, not to VoIP, so you should already have firewalls limiting access to trusted local machines.

You can only assume that the author of the change felt that such long requests were unlikely to be genuine. They may or may not have correctly calculated the maximum possible length. It is most unlikely that it is exactly 1000 bytes.

Topic		Replies	Views
Content Length is wrong Asterisk Support	10	553	September 1, 2011
Maximum number of characters in simple SIP messages Asterisk SIP	4	669	September 30, 2021
Increase the maximum number of characters in simple SIP messages Asterisk SIP	23	1141	October 22, 2021
PJSIP: Max callerID length? Asterisk Support	9	963	October 27, 2021
[HTTP module] Max content length - repercussions on ARI Asterisk Support	1	226	March 5, 2015

Security Question

Related topics