[Asterisk-cvs] asterisk/channels chan_skinny.c,1.40,1.41
markster at lists.digium.com
markster at lists.digium.com
Wed May 26 19:00:52 CDT 2004
Update of /usr/cvsroot/asterisk/channels
In directory mongoose.digium.com:/tmp/cvs-serv30223/channels
Modified Files:
chan_skinny.c
Log Message:
Perform proper heap bounds checking on skinny messages (bug #1726)
Index: chan_skinny.c
===================================================================
RCS file: /usr/cvsroot/asterisk/channels/chan_skinny.c,v
retrieving revision 1.40
retrieving revision 1.41
diff -u -d -r1.40 -r1.41
--- chan_skinny.c 12 May 2004 21:30:23 -0000 1.40
+++ chan_skinny.c 26 May 2004 23:15:23 -0000 1.41
@@ -2261,6 +2261,8 @@
return -1;
}
dlen = *(int *)s->inbuf;
+ if (dlen+8 > sizeof(s->inbuf))
+ dlen = sizeof(s->inbuf) - 8;
res = read(s->fd, s->inbuf+4, dlen+4);
ast_mutex_unlock(&s->lock);
if (res != (dlen+4)) {
More information about the svn-commits
mailing list