author | Richard Mudgett <rmudgett@digium.com> | 2015-12-07 12:46:53 -0600 |
---|---|---|
committer | Richard Mudgett <rmudgett@digium.com> | 2016-02-03 15:07:04 -0600 |
commit | e67b445e8dcca2bff043f2ed095b7fa8f5311c61 (patch) | |
tree | 025f800be6eeeccae89ec0d4a21eb07921cc9a89 /main | |
parent | ae1f728f0f7f816a3e697a0c039046f23ec9ccf3 (diff) |
AST-2016-003 udptl.c: Fix uninitialized values.
Sending UDPTL packets to Asterisk with the right amount of missing
sequence numbers and enough redundant 0-length IFP packets, can make
Asterisk crash.
ASTERISK-25603 #close
Reported by: Walter Doekes
ASTERISK-25742 #close
Reported by: Torrey Searle
Change-Id: I97df8375041be986f3f266ac1946a538023a5255
Diffstat (limited to 'main')
-rw-r--r-- | main/udptl.c | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/main/udptl.c b/main/udptl.c
index c059ad3a4..a0f533fd0 100644
--- a/main/udptl.c
+++ b/main/udptl.c
@@ -305,16 +305,15 @@ static int decode_open_type(uint8_t *buf, unsigned int limit, unsigned int *len,
 if (decode_length(buf, limit, len, &octet_cnt) != 0)
 return -1;
 
- if (octet_cnt > 0) {
- /* Make sure the buffer contains at least the number of bits requested */
- if ((*len + octet_cnt) > limit)
- return -1;
-
- *p_num_octets = octet_cnt;
- *p_object = &buf[*len];
- *len += octet_cnt;
+ /* Make sure the buffer contains at least the number of bits requested */
+ if ((*len + octet_cnt) > limit) {
+ return -1;
 }
 
+ *p_num_octets = octet_cnt;
+ *p_object = &buf[*len];
+ *len += octet_cnt;
+
 return 0;
 }
 /*- End of function --------------------------------------------------------*/ |
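Review bot: The bounds check `if ((*len + octet_cnt) > limit)` adds two unsigned values taken from a network packet before comparing, so it relies on decode_length() keeping both small enough that the sum cannot wrap. decode_length() and the start of decode_open_type are outside this hunk, so that bound cannot be confirmed here. A form that does not depend on it is `if (*len > limit || octet_cnt > limit - *len) { return -1; }`. Now that the outputs are always written, a zero-length open type returns `*p_object = &buf[*len]`, which can be one past the end of the buffer when `*len == limit`. I would add a comment such as `/* *p_object is only valid to dereference when *p_num_octets > 0 */` so callers check the count first. The retained comment says "bits" but the check counts octets, so `/* Make sure the buffer contains at least the number of octets requested */` would be more accurate.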