kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-09-03 03:20:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

AST-2016-003 udptl.c: Fix uninitialized values.

Browse Source 
Sending UDPTL packets to Asterisk with the right amount of missing
sequence numbers and enough redundant 0-length IFP packets, can make
Asterisk crash.

ASTERISK-25603 #close
Reported by: Walter Doekes

ASTERISK-25742 #close
Reported by: Torrey Searle

Change-Id: I97df8375041be986f3f266ac1946a538023a5255
This commit is contained in:
Richard Mudgett
2015-12-07 12:46:53 -06:00
parent ae1f728f0f
commit e67b445e8d
1 changed files with 7 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
main/udptl.c
View File

@@ -305,16 +305,15 @@ static int decode_open_type(uint8_t *buf, unsigned int limit, unsigned int *len,
if (decode_length(buf, limit, len, &octet_cnt) != 0) if (decode_length(buf, limit, len, &octet_cnt) != 0)
return -1; return -1;
if (octet_cnt > 0) { /* Make sure the buffer contains at least the number of bits requested */
/* Make sure the buffer contains at least the number of bits requested */ if ((*len + octet_cnt) > limit) {
if ((*len + octet_cnt) > limit) return -1;
return -1;
*p_num_octets = octet_cnt;
*p_object = &buf[*len];
*len += octet_cnt;
} }
*p_num_octets = octet_cnt;
*p_object = &buf[*len];
*len += octet_cnt;
return 0; return 0;
} }
/*- End of function --------------------------------------------------------*/ /*- End of function --------------------------------------------------------*/