[asterisk-commits] tilghman: trunk r168604 - in /trunk: ./ main/udptl.c
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Wed Jan 14 13:11:14 CST 2009
Author: tilghman
Date: Wed Jan 14 13:11:14 2009
New Revision: 168604
URL: http://svn.digium.com/svn-view/asterisk?view=rev&rev=168604
Log:
Merged revisions 168603 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.4
........
r168603 | tilghman | 2009-01-14 13:02:55 -0600 (Wed, 14 Jan 2009) | 7 lines
Don't read into a buffer without first checking if a value is beyond the end.
(closes issue #13600)
Reported by: atis
Patches:
20090106__bug13600.diff.txt uploaded by Corydon76 (license 14)
Tested by: atis
........
Modified:
trunk/ (props changed)
trunk/main/udptl.c
Propchange: trunk/
------------------------------------------------------------------------------
Binary property 'branch-1.4-merged' - no diff available.
Modified: trunk/main/udptl.c
URL: http://svn.digium.com/svn-view/asterisk/trunk/main/udptl.c?view=diff&rev=168604&r1=168603&r2=168604
==============================================================================
--- trunk/main/udptl.c (original)
+++ trunk/main/udptl.c Wed Jan 14 13:11:14 2009
@@ -176,15 +176,15 @@
static int decode_length(uint8_t *buf, int limit, int *len, int *pvalue)
{
+ if (*len >= limit)
+ return -1;
if ((buf[*len] & 0x80) == 0) {
- if (*len >= limit)
- return -1;
*pvalue = buf[*len];
(*len)++;
return 0;
}
if ((buf[*len] & 0x40) == 0) {
- if (*len >= limit - 1)
+ if (*len == limit - 1)
return -1;
*pvalue = (buf[*len] & 0x3F) << 8;
(*len)++;
@@ -192,8 +192,6 @@
(*len)++;
return 0;
}
- if (*len >= limit)
- return -1;
*pvalue = (buf[*len] & 0x3F) << 14;
(*len)++;
/* Indicate we have a fragment */
More information about the asterisk-commits
mailing list