kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-10-24 05:38:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added check for negative offset in cid spill to prevent infinite loops

Browse Source 
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@63786 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Doug Bailey
2007-05-10 21:25:05 +00:00
parent aa320037d2
commit 0bb316de28
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
main/callerid.c
View File

@@ -636,6 +636,12 @@ int callerid_feed(struct callerid_state *cid, unsigned char *ubuf, int len, int
default: default:
ast_log(LOG_NOTICE, "Unknown IE %d\n", cid->rawdata[x - 1]); ast_log(LOG_NOTICE, "Unknown IE %d\n", cid->rawdata[x - 1]);
} }
if(0 > cid->rawdata[x]){ /* Negative offset in the CID Spill */
ast_log(LOG_NOTICE, "IE %d has bad field length of %d at offset %d\n", cid->rawdata[x-1], cid->rawdata[x], x);
/* Try again */
cid->sawflag = 0;
break; /* Exit the loop */
}
x += cid->rawdata[x]; x += cid->rawdata[x];
x++; x++;
} }