[asterisk-commits] anthonyl: branch anthonyl/skinny-redux r48239 -
/team/anthonyl/skinny-redux/c...
asterisk-commits at lists.digium.com
asterisk-commits at lists.digium.com
Mon Dec 4 12:59:06 MST 2006
Author: anthonyl
Date: Mon Dec 4 13:59:06 2006
New Revision: 48239
URL: http://svn.digium.com/view/asterisk?view=rev&rev=48239
Log:
added length checking for the request length in transmit_response
Modified:
team/anthonyl/skinny-redux/channels/chan_skinny.c
Modified: team/anthonyl/skinny-redux/channels/chan_skinny.c
URL: http://svn.digium.com/view/asterisk/team/anthonyl/skinny-redux/channels/chan_skinny.c?view=diff&rev=48239&r1=48238&r2=48239
==============================================================================
--- team/anthonyl/skinny-redux/channels/chan_skinny.c (original)
+++ team/anthonyl/skinny-redux/channels/chan_skinny.c Mon Dec 4 13:59:06 2006
@@ -1396,6 +1396,12 @@
return -1;
}
+ if (letohl(req->len > SKINNY_MAX_PACKET || letohl(req->len) < 0)) {
+ ast_log(LOG_WARNING, "Transmit: the legnth of the request is out of bounds\n");
+ free(req);
+ return -1;
+ }
+
memset(s->outbuf,0,sizeof(s->outbuf));
memcpy(s->outbuf, req, skinny_header_size);
memcpy(s->outbuf+skinny_header_size, &req->data, letohl(req->len));
More information about the asterisk-commits
mailing list