diff options
author | Mark Spencer <markster@digium.com> | 2004-05-26 23:15:23 +0000 |
---|---|---|
committer | Mark Spencer <markster@digium.com> | 2004-05-26 23:15:23 +0000 |
commit | ec14976ac38efa2972541fb549823a4fc9f1373b (patch) | |
tree | aff0c6cb497ec701d98a383b490460bee470322b /channels | |
parent | fdb8ffe20d5b89f75cb1b525f1787a909000bdd8 (diff) |
Perform proper heap bounds checking on skinny messages (bug #1726)
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@3085 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'channels')
-rwxr-xr-x | channels/chan_skinny.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/channels/chan_skinny.c b/channels/chan_skinny.c index fa0fb809d..ec15a2c39 100755 --- a/channels/chan_skinny.c +++ b/channels/chan_skinny.c @@ -2261,6 +2261,8 @@ static int get_input(struct skinnysession *s) return -1; } dlen = *(int *)s->inbuf; + if (dlen+8 > sizeof(s->inbuf)) + dlen = sizeof(s->inbuf) - 8; res = read(s->fd, s->inbuf+4, dlen+4); ast_mutex_unlock(&s->lock); if (res != (dlen+4)) { |