[svn-commits] may: branch may/smpp r402222 - /team/may/smpp/branches/10/addons/res_smpp.c

SVN commits to the Digium repositories svn-commits at lists.digium.com
Tue Oct 29 16:24:00 CDT 2013 

Author: may
Date: Tue Oct 29 16:23:57 2013
New Revision: 402222

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=402222
Log:
few fixes on buffer overflow and null pointers

Modified:
    team/may/smpp/branches/10/addons/res_smpp.c

Modified: team/may/smpp/branches/10/addons/res_smpp.c
URL: http://svnview.digium.com/svn/asterisk/team/may/smpp/branches/10/addons/res_smpp.c?view=diff&rev=402222&r1=402221&r2=402222
==============================================================================
--- team/may/smpp/branches/10/addons/res_smpp.c (original)
+++ team/may/smpp/branches/10/addons/res_smpp.c Tue Oct 29 16:23:57 2013
@@ -190,7 +190,10 @@
 static tlv_t* put_tlvs(tlv_t **stlv, struct ast_msg *message, char *tmp, int tmplen)
 {
 	tlv_t* tlv;
-	int k, tlvnum = atoi(ast_msg_get_var(message, "tlvs"));
+	int k, tlvnum = 0;
+	if (ast_msg_get_var(message, "tlvs")) {
+		tlvnum = atoi(ast_msg_get_var(message, "tlvs"));
+	}
 	while (tlvnum) {
 		tlv = ast_calloc(1, sizeof(tlv_t));
 		snprintf(tmp, tmplen, "tlv.%d.tag", tlvnum);
@@ -258,7 +261,7 @@
 
 	memset(&pdu, 0, sizeof(pdu));
 
-	if ((recv(smsc->socket, &pdulen, 4, MSG_PEEK) != 4) ||
+	if ((recv(smsc->socket, &pdulen, 4, MSG_PEEK) != 4) || ntohl(pdulen) > sizeof(pdu) ||
 	    (recv(smsc->socket, pdu, ntohl(pdulen), 0) != ntohl(pdulen))) {
 		ast_log(LOG_WARNING, "smpp read error %s to smsc %s\n", strerror(errno), smsc->name);
 		return NULL;
@@ -508,7 +511,7 @@
 	port = ast_sockaddr_port(&newsock->addr);
 	socket = newsock->socket;
 
-	if ((recv(socket, &pdulen, 4, MSG_PEEK) != 4) ||
+	if ((recv(socket, &pdulen, 4, MSG_PEEK) != 4) || ntohl(pdulen) > sizeof(pdu) ||
 	    (recv(socket, pdu, ntohl(pdulen), 0) != ntohl(pdulen))) {
 		ast_log(LOG_WARNING, "smpp read error on new connection %s\n", strerror(errno));
 		return NULL;
@@ -1284,7 +1287,7 @@
 	if (!strncasecmp(to, "smpp:", strlen("smpp:"))) {
 		to += strlen("smpp:");
 	}
-
+	memset(tmp, 0, sizeof(tmp));
 	strncpy(tmp, to, strlen(to));
 	if (strchr(tmp, '@')) {
 		tosme = strchr(tmp, '@');
@@ -1302,7 +1305,7 @@
 		return -1;
 	}
 	if (!(smsc = find_smsc(tosme))) {
-		ast_log(LOG_ERROR, "Can't find SME %s\n", to);
+		ast_log(LOG_ERROR, "Can't find SME %s\n", tosme);
 		return -1;
 	}

More information about the svn-commits mailing list