AST-2016-003 udptl.c: Fix uninitialized values.

Sending UDPTL packets to Asterisk with the right amount of missing sequence numbers and enough redundant 0-length IFP packets, can make Asterisk crash. ASTERISK-25603 #close Reported by: Walter Doekes ASTERISK-25742 #close Reported by: Torrey Searle Change-Id: I97df8375041be986f3f266ac1946a538023a5255
2025-09-03 03:20:57 +00:00 · 2015-12-07 12:46:53 -06:00
parent ae1f728f0f
commit e67b445e8d
1 changed files with 7 additions and 8 deletions
--- a/main/udptl.c
+++ b/main/udptl.c
@@ -305,15 +305,14 @@ static int decode_open_type(uint8_t *buf, unsigned int limit, unsigned int *len,
 	if (decode_length(buf, limit, len, &octet_cnt) != 0)
 		return -1;

-	if (octet_cnt > 0) {
 	/* Make sure the buffer contains at least the number of bits requested */
-		if ((*len + octet_cnt) > limit)
+	if ((*len + octet_cnt) > limit) {
 		return -1;
+	}

 	*p_num_octets = octet_cnt;
 	*p_object = &buf[*len];
 	*len += octet_cnt;
-	}

 	return 0;
 }