AST-2016-003 udptl.c: Fix uninitialized values.

Sending UDPTL packets to Asterisk with the right amount of missing sequence numbers and enough redundant 0-length IFP packets, can make Asterisk crash. ASTERISK-25603 #close Reported by: Walter Doekes ASTERISK-25742 #close Reported by: Torrey Searle Change-Id: I97df8375041be986f3f266ac1946a538023a5255
author: Richard Mudgett <rmudgett@digium.com> 2015-12-07 12:46:53 -0600
committer: Richard Mudgett <rmudgett@digium.com> 2016-02-03 15:07:04 -0600
commit: e67b445e8dcca2bff043f2ed095b7fa8f5311c61 (patch)
tree: 025f800be6eeeccae89ec0d4a21eb07921cc9a89 /main/udptl.c
parent: ae1f728f0f7f816a3e697a0c039046f23ec9ccf3 (diff)
1 files changed, 7 insertions, 8 deletions
diff --git a/main/udptl.c b/main/udptl.c
index c059ad3a4..a0f533fd0 100644
--- a/main/udptl.c
+++ b/main/udptl.c
@@ -305,16 +305,15 @@ static int decode_open_type(uint8_t *buf, unsigned int limit, unsigned int *len,
 	if (decode_length(buf, limit, len, &octet_cnt) != 0)
 		return -1;
 
-	if (octet_cnt > 0) {
-		/* Make sure the buffer contains at least the number of bits requested */
-		if ((*len + octet_cnt) > limit)
-			return -1;
-
-		*p_num_octets = octet_cnt;
-		*p_object = &buf[*len];
-		*len += octet_cnt;
+	/* Make sure the buffer contains at least the number of bits requested */
+	if ((*len + octet_cnt) > limit) {
+		return -1;
 	}
 
+	*p_num_octets = octet_cnt;
+	*p_object = &buf[*len];
+	*len += octet_cnt;
+
 	return 0;
 }
 /*- End of function --------------------------------------------------------*/
author	Richard Mudgett <rmudgett@digium.com>	2015-12-07 12:46:53 -0600
committer	Richard Mudgett <rmudgett@digium.com>	2016-02-03 15:07:04 -0600
commit	e67b445e8dcca2bff043f2ed095b7fa8f5311c61 (patch)
tree	025f800be6eeeccae89ec0d4a21eb07921cc9a89 /main/udptl.c
parent	ae1f728f0f7f816a3e697a0c039046f23ec9ccf3 (diff)