diff options
author | Richard Mudgett <rmudgett@digium.com> | 2015-12-07 12:46:53 -0600 |
---|---|---|
committer | Richard Mudgett <rmudgett@digium.com> | 2016-02-03 15:08:15 -0600 |
commit | c6b1b2b1c84b2b9d27349036f2760aa263d74ef5 (patch) | |
tree | 5e5d29c5746a0f85a344ff6cdaafe542ff277222 /main/udptl.c | |
parent | 73159cb45f26e5f52605beb826cd955538912458 (diff) |
AST-2016-003 udptl.c: Fix uninitialized values.
Sending UDPTL packets to Asterisk with the right amount of missing
sequence numbers and enough redundant 0-length IFP packets, can make
Asterisk crash.
ASTERISK-25603 #close
Reported by: Walter Doekes
ASTERISK-25742 #close
Reported by: Torrey Searle
Change-Id: I97df8375041be986f3f266ac1946a538023a5255
Diffstat (limited to 'main/udptl.c')
-rw-r--r-- | main/udptl.c | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/main/udptl.c b/main/udptl.c index 4e878195c..e8410cc8b 100644 --- a/main/udptl.c +++ b/main/udptl.c @@ -305,16 +305,15 @@ static int decode_open_type(uint8_t *buf, unsigned int limit, unsigned int *len, if (decode_length(buf, limit, len, &octet_cnt) != 0) return -1; - if (octet_cnt > 0) { - /* Make sure the buffer contains at least the number of bits requested */ - if ((*len + octet_cnt) > limit) - return -1; - - *p_num_octets = octet_cnt; - *p_object = &buf[*len]; - *len += octet_cnt; + /* Make sure the buffer contains at least the number of bits requested */ + if ((*len + octet_cnt) > limit) { + return -1; } + *p_num_octets = octet_cnt; + *p_object = &buf[*len]; + *len += octet_cnt; + return 0; } /*- End of function --------------------------------------------------------*/ |