kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-09-02 19:16:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

ooh323c: not checking for IE minimum length

Browse Source 
When decoding q.931 encoded calling/called number
now checking for length being less than minimum required.

ASTERISK-30103

Change-Id: I3dcfce0f35eca258dc450f87c92d4d7af402c2e7
This commit is contained in:
Mike Bradeen
2022-06-06 17:11:30 -06:00
committed by Benjamin Keith Ford
parent 2285ffd5eb
commit de142180a3
1 changed files with 9 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
addons/ooh323c/src/ooq931.c
View File

@@ -191,12 +191,14 @@ EXTERN int ooQ931Decode
/* Extract calling party number TODO:Give respect to presentation and
screening indicators ;-) */
if(ie->discriminator == Q931CallingPartyNumberIE)
{
OOTRACEDBGB1(" CallingPartyNumber IE = {\n");
if(ie->length < OO_MAX_NUMBER_LENGTH)
{
int numoffset=1;
OOTRACEDBGB1(" CallingPartyNumber IE = {\n");
if(!(0x80 & ie->data[0])) numoffset = 2;
if( (ie->length >= numoffset) &&
(ie->length < OO_MAX_NUMBER_LENGTH) )
{
memcpy(number, ie->data+numoffset,ie->length-numoffset);
number[ie->length-numoffset]='\0';
OOTRACEDBGB2(" %s\n", number);
@@ -204,7 +206,7 @@ EXTERN int ooQ931Decode
ooCallSetCallingPartyNumber(call, number);
}
else{
OOTRACEERR3("Error:Calling party number too long. (%s, %s)\n",
OOTRACEERR3("Error:Calling party number outside range. (%s, %s)\n",
call->callType, call->callToken);
}
OOTRACEDBGB1(" }\n");
@@ -214,7 +216,8 @@ EXTERN int ooQ931Decode
if(ie->discriminator == Q931CalledPartyNumberIE)
{
OOTRACEDBGB1(" CalledPartyNumber IE = {\n");
if(ie->length < OO_MAX_NUMBER_LENGTH)
if( (ie->length >= 1) &&
(ie->length < OO_MAX_NUMBER_LENGTH) )
{
memcpy(number, ie->data+1,ie->length-1);
number[ie->length-1]='\0';
@@ -223,7 +226,7 @@ EXTERN int ooQ931Decode
ooCallSetCalledPartyNumber(call, number);
}
else{
OOTRACEERR3("Error:Calling party number too long. (%s, %s)\n",
OOTRACEERR3("Error:Calling party number outside range. (%s, %s)\n",
call->callType, call->callToken);
}
OOTRACEDBGB1(" }\n");