From 79dca5ef7502708d9285dbe8b954d8632e345769 Mon Sep 17 00:00:00 2001
From: Jason Parker <jparker@digium.com>
Date: Mon, 21 Aug 2006 07:34:59 +0000
Subject: Fix a potential integer signedness problem. Also fix some locking
 issues I found at the same time.

Issue 7770, original patch by alamantia


git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@40757 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 channels/chan_skinny.c | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'channels/chan_skinny.c')

diff --git a/channels/chan_skinny.c b/channels/chan_skinny.c
index 4d31969dc..acd6ad951 100644
--- a/channels/chan_skinny.c
+++ b/channels/chan_skinny.c
@@ -3927,12 +3927,19 @@ static int get_input(struct skinnysession *s)
 		res = read(s->fd, s->inbuf, 4);
 		if (res < 0) {
 			ast_log(LOG_WARNING, "read() returned error: %s\n", strerror(errno));
+			ast_mutex_unlock(&s->lock);
 			return res;
 		} else if (res != 4) {
 			ast_log(LOG_WARNING, "Skinny Client sent less data than expected.  Expected 4 but got %d.\n", res);
+			ast_mutex_unlock(&s->lock);
 			return -1;
 		}
 		dlen = letohl(*(int *)s->inbuf);
+		if (dlen < 0) {
+			ast_log(LOG_WARNING, "Skinny Client sent invalid data.\n");
+			ast_mutex_unlock(&s->lock);
+			return -1;
+		}
 		if (dlen+8 > sizeof(s->inbuf)) {
 			dlen = sizeof(s->inbuf) - 8;
 		}
-- 
cgit v1.2.3