[asterisk-commits] dbailey: branch 1.4 r63750 - /branches/1.4/main/callerid.c
asterisk-commits at lists.digium.com
Thu May 10 13:48:54 MST 2007
Author: dbailey
Date: Thu May 10 15:48:54 2007
New Revision: 63750
URL: http://svn.digium.com/view/asterisk?view=rev&rev=63750
Log:
Add test for negative offsets in cid data to prevent infinite loops.
Modified:
branches/1.4/main/callerid.c
Modified: branches/1.4/main/callerid.c
URL: http://svn.digium.com/view/asterisk/branches/1.4/main/callerid.c?view=diff&rev=63750&r1=63749&r2=63750
==============================================================================
--- branches/1.4/main/callerid.c (original)
+++ branches/1.4/main/callerid.c Thu May 10 15:48:54 2007
@@ -660,6 +660,12 @@
default:
ast_log(LOG_NOTICE, "Unknown IE %d\n", cid->rawdata[x-1]);
}
+ if(0 > cid->rawdata[x]){ /* Negative offset in the CID Spill */
+ ast_log(LOG_NOTICE, "IE %d has bad field length of %d at offset %d\n", cid->rawdata[x-1], cid->rawdata[x], x);
+ /* Try again */
+ cid->sawflag = 0;
+ break; /* Exit the loop */
+ }
x += cid->rawdata[x];
x++;
}
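Review bot: The negative-length test at `if(0 > cid->rawdata[x])` sits after the switch has closed, so any case above that uses cid->rawdata[x] as a field length has already processed the bad value before it is rejected; the test would be safer placed ahead of the switch. It also catches only negative values: a positive length that points past the end of the received data is still added to x by `x += cid->rawdata[x];`, so an upper bound check against the remaining data length belongs beside it. The comparison depends on rawdata being a signed type, which these lines do not show; if it is declared as plain char, signedness is implementation-defined, and a cast to signed char or an explicit range test would make the intent unambiguous.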