[Asterisk-code-review] main/udptl: Fix crash on 0 length 2ndary IFP packet (asterisk[11])
Torrey Searle
asteriskteam at digium.com
Wed Feb 3 03:39:43 CST 2016
Torrey Searle has uploaded a new change for review.
https://gerrit.asterisk.org/2154
Change subject: main/udptl: Fix crash on 0 length 2ndary IFP packet
......................................................................
main/udptl: Fix crash on 0 length 2ndary IFP packet
When an IFP is 0 length a frame with unitialised buffer pointer is
returned resulting in a crash
ASTERISK-25742 #close
Change-Id: I75f14039bb69a63549103233c26d011b3cbb24a0
---
M main/udptl.c
1 file changed, 3 insertions(+), 0 deletions(-)
git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/54/2154/1
diff --git a/main/udptl.c b/main/udptl.c
index 76fc2fb..62ef1ca 100644
--- a/main/udptl.c
+++ b/main/udptl.c
@@ -271,6 +271,9 @@
*p_num_octets = octet_cnt;
*p_object = &buf[*len];
*len += octet_cnt;
+ } else {
+ *p_num_octets = 0;
+ *p_object = NULL;
}
return 0;
--
To view, visit https://gerrit.asterisk.org/2154
To unsubscribe, visit https://gerrit.asterisk.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I75f14039bb69a63549103233c26d011b3cbb24a0
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: 11
Gerrit-Owner: Torrey Searle <tsearle at gmail.com>
More information about the asterisk-code-review
mailing list