kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-10-29 23:39:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Perform proper heap bounds checking on skinny messages (bug #1726)

Browse Source 
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@3085 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Mark Spencer
2004-05-26 23:15:23 +00:00
parent fdb8ffe20d
commit ec14976ac3
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
channels/chan_skinny.c
View File

@@ -2261,6 +2261,8 @@ static int get_input(struct skinnysession *s)
return -1; return -1;
} }
dlen = *(int *)s->inbuf; dlen = *(int *)s->inbuf;
if (dlen+8 > sizeof(s->inbuf))
dlen = sizeof(s->inbuf) - 8;
res = read(s->fd, s->inbuf+4, dlen+4); res = read(s->fd, s->inbuf+4, dlen+4);
ast_mutex_unlock(&s->lock); ast_mutex_unlock(&s->lock);
if (res != (dlen+4)) { if (res != (dlen+4)) {