[asterisk-commits] qwell: branch 1.4 r78375 - /branches/1.4/channels/chan_skinny.c

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Tue Aug 7 13:25:15 CDT 2007


Author: qwell
Date: Tue Aug  7 13:25:15 2007
New Revision: 78375

URL: http://svn.digium.com/view/asterisk?view=rev&rev=78375
Log:
Properly check the capabilities count to avoid a segfault.
(ASA-2007-019)

Modified:
    branches/1.4/channels/chan_skinny.c

Modified: branches/1.4/channels/chan_skinny.c
URL: http://svn.digium.com/view/asterisk/branches/1.4/channels/chan_skinny.c?view=diff&rev=78375&r1=78374&r2=78375
==============================================================================
--- branches/1.4/channels/chan_skinny.c (original)
+++ branches/1.4/channels/chan_skinny.c Tue Aug  7 13:25:15 2007
@@ -202,9 +202,11 @@
 	} payloads;
 };
 
+#define SKINNY_MAX_CAPABILITIES 18
+
 struct capabilities_res_message {
 	uint32_t count;
-	struct station_capabilities caps[18];
+	struct station_capabilities caps[SKINNY_MAX_CAPABILITIES];
 };
 
 #define SPEED_DIAL_STAT_REQ_MESSAGE 0x000A
@@ -3459,11 +3461,15 @@
 {
 	struct skinny_device *d = s->device;
 	struct skinny_line *l;
-	int count = 0;
+	uint32_t count = 0;
 	int codecs = 0;
 	int i;
 
 	count = letohl(req->data.caps.count);
+	if (count > SKINNY_MAX_CAPABILITIES) {
+		count = SKINNY_MAX_CAPABILITIES;
+		ast_log(LOG_WARNING, "Received more capabilities than we can handle (%d).  Ignoring the rest.\n", SKINNY_MAX_CAPABILITIES);
+	}
 
 	for (i = 0; i < count; i++) {
 		int acodec = 0;




More information about the asterisk-commits mailing list