Perform proper heap bounds checking on skinny messages (bug #1726)
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@3085 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
parent
fdb8ffe20d
commit
ec14976ac3
|
@ -2261,6 +2261,8 @@ static int get_input(struct skinnysession *s)
|
|||
return -1;
|
||||
}
|
||||
dlen = *(int *)s->inbuf;
|
||||
if (dlen+8 > sizeof(s->inbuf))
|
||||
dlen = sizeof(s->inbuf) - 8;
|
||||
res = read(s->fd, s->inbuf+4, dlen+4);
|
||||
ast_mutex_unlock(&s->lock);
|
||||
if (res != (dlen+4)) {
|
||||
|
|
Loading…
Reference in New Issue