[asterisk-commits] file: branch 1.4 r75439 - /branches/1.4/main/rtp.c
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Tue Jul 17 15:40:57 CDT 2007
Author: file
Date: Tue Jul 17 15:40:57 2007
New Revision: 75439
URL: http://svn.digium.com/view/asterisk?view=rev&rev=75439
Log:
Ensure that the pointer to STUN data does not go to unaccessible memory. (ASA-2007-017)
Modified:
branches/1.4/main/rtp.c
Modified: branches/1.4/main/rtp.c
URL: http://svn.digium.com/view/asterisk/branches/1.4/main/rtp.c?view=diff&rev=75439&r1=75438&r2=75439
==============================================================================
--- branches/1.4/main/rtp.c (original)
+++ branches/1.4/main/rtp.c Tue Jul 17 15:40:57 2007
@@ -450,9 +450,9 @@
break;
}
attr = (struct stun_attr *)data;
- if (ntohs(attr->len) > len) {
+ if ((ntohs(attr->len) + sizeof(struct stun_attr)) > len) {
if (option_debug)
- ast_log(LOG_DEBUG, "Inconsistent Attribute (length %d exceeds remaining msg len %zd)\n", ntohs(attr->len), len);
+ ast_log(LOG_DEBUG, "Inconsistent Attribute (length %d exceeds remaining msg len %zd)\n", (ntohs(attr->len) + sizeof(struct stun_attr)), len);
break;
}
if (stun_process_attr(&st, attr)) {
More information about the asterisk-commits
mailing list