[asterisk-commits] qwell: branch 1.4 r78375 - /branches/1.4/channels/chan_skinny.c
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Tue Aug 7 13:25:15 CDT 2007
Author: qwell
Date: Tue Aug 7 13:25:15 2007
New Revision: 78375
URL: http://svn.digium.com/view/asterisk?view=rev&rev=78375
Log:
Properly check the capabilities count to avoid a segfault.
(ASA-2007-019)
Modified:
branches/1.4/channels/chan_skinny.c
Modified: branches/1.4/channels/chan_skinny.c
URL: http://svn.digium.com/view/asterisk/branches/1.4/channels/chan_skinny.c?view=diff&rev=78375&r1=78374&r2=78375
==============================================================================
--- branches/1.4/channels/chan_skinny.c (original)
+++ branches/1.4/channels/chan_skinny.c Tue Aug 7 13:25:15 2007
@@ -202,9 +202,11 @@
} payloads;
};
+#define SKINNY_MAX_CAPABILITIES 18
+
struct capabilities_res_message {
uint32_t count;
- struct station_capabilities caps[18];
+ struct station_capabilities caps[SKINNY_MAX_CAPABILITIES];
};
#define SPEED_DIAL_STAT_REQ_MESSAGE 0x000A
@@ -3459,11 +3461,15 @@
{
struct skinny_device *d = s->device;
struct skinny_line *l;
- int count = 0;
+ uint32_t count = 0;
int codecs = 0;
int i;
count = letohl(req->data.caps.count);
+ if (count > SKINNY_MAX_CAPABILITIES) {
+ count = SKINNY_MAX_CAPABILITIES;
+ ast_log(LOG_WARNING, "Received more capabilities than we can handle (%d). Ignoring the rest.\n", SKINNY_MAX_CAPABILITIES);
+ }
for (i = 0; i < count; i++) {
int acodec = 0;
More information about the asterisk-commits
mailing list