[libpri-commits] mattf: branch 1.2 r513 - /branches/1.2/q931.c
SVN commits to the libpri project
libpri-commits at lists.digium.com
Fri Jan 11 10:33:52 CST 2008
Author: mattf
Date: Fri Jan 11 10:33:52 2008
New Revision: 513
URL: http://svn.digium.com/view/libpri?view=rev&rev=513
Log:
We should not be parsing further into the bearer capability IE if the length does not confirm that there actually is data present
Modified:
branches/1.2/q931.c
Modified: branches/1.2/q931.c
URL: http://svn.digium.com/view/libpri/branches/1.2/q931.c?view=diff&rev=513&r1=512&r2=513
==============================================================================
--- branches/1.2/q931.c (original)
+++ branches/1.2/q931.c Fri Jan 11 10:33:52 2008
@@ -576,8 +576,9 @@
pos++;
}
/* Stop here if no more */
- if (pos >= len)
+ if (pos >= len - 2)
return;
+
if ((ie->data[1] & 0x7f) != TRANS_MODE_PACKET) {
/* Look for octets 5 and 5.a if present */
pri_message(pri, "%c Ext: %d User information layer 1: %s (%d)\n", prefix, (ie->data[pos] >> 7), l12str(ie->data[pos] & 0x7f), ie->data[pos] & 0x7f);
@@ -604,6 +605,10 @@
call->transmoderate = ie->data[1] & 0x7f;
if (call->transmoderate == PRI_TRANS_CAP_AUDIO_4ESS)
call->transmoderate = PRI_TRANS_CAP_3_1K_AUDIO;
+
+ if (pos >= len - 2)
+ return 0;
+
if (call->transmoderate != TRANS_MODE_PACKET) {
call->userl1 = ie->data[pos] & 0x7f;
if (call->userl1 == PRI_LAYER_1_ITU_RATE_ADAPT) {
More information about the libpri-commits
mailing list