[asterisk-commits] AST-2016-003 udptl.c: Fix uninitialized values. (asterisk[certified/11.6])

Wed Feb 3 15:18:13 CST 2016

Kevin Harwell has submitted this change and it was merged.

Change subject: AST-2016-003 udptl.c: Fix uninitialized values.
......................................................................


AST-2016-003 udptl.c: Fix uninitialized values.

Sending UDPTL packets to Asterisk with the right amount of missing
sequence numbers and enough redundant 0-length IFP packets, can make
Asterisk crash.

ASTERISK-25603 #close
Reported by: Walter Doekes

ASTERISK-25742 #close
Reported by: Torrey Searle

Change-Id: I97df8375041be986f3f266ac1946a538023a5255
---
M main/udptl.c
1 file changed, 7 insertions(+), 8 deletions(-)

Approvals:
  Kevin Harwell: Looks good to me, approved; Verified

diff --git a/main/udptl.c b/main/udptl.c
index 772da03..b582008 100644
--- a/main/udptl.c
+++ b/main/udptl.c
@@ -263,16 +263,15 @@
 	if (decode_length(buf, limit, len, &octet_cnt) != 0)
 		return -1;
 
-	if (octet_cnt > 0) {
-		/* Make sure the buffer contains at least the number of bits requested */
-		if ((*len + octet_cnt) > limit)
-			return -1;
-
-		*p_num_octets = octet_cnt;
-		*p_object = &buf[*len];
-		*len += octet_cnt;
+	/* Make sure the buffer contains at least the number of bits requested */
+	if ((*len + octet_cnt) > limit) {
+		return -1;
 	}
 
+	*p_num_octets = octet_cnt;
+	*p_object = &buf[*len];
+	*len += octet_cnt;
+
 	return 0;
 }
 /*- End of function --------------------------------------------------------*/

-- 
To view, visit https://gerrit.asterisk.org/2180
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I97df8375041be986f3f266ac1946a538023a5255
Gerrit-PatchSet: 2
Gerrit-Project: asterisk
Gerrit-Branch: certified/11.6
Gerrit-Owner: Richard Mudgett <rmudgett at digium.com>
Gerrit-Reviewer: Anonymous Coward #1000019
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Kevin Harwell <kharwell at digium.com>

