Asterisk
/
asterisk
mirror of https://github.com/asterisk/asterisk
1
0
Fork 0
Code Issues Releases Wiki Activity

Ensure that the pointer to STUN data does not go to unaccessible memory. (ASA-2007-017)

Browse Source 
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@75439 65c4cc65-6c06-0410-ace0-fbb531ad65f3
1.4
Joshua Colp 18 years ago
parent bdf09824c6
commit 396e723f17
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File

4
main/rtp.c
Unescape View File

@ -450,9 +450,9 @@ static int stun_handle_packet(int s, struct sockaddr_in *src, unsigned char *dat
break;
}
attr = (struct stun_attr *)data;
if (ntohs(attr->len) > len) {
if ((ntohs(attr->len) + sizeof(struct stun_attr)) > len) {
if (option_debug)
ast_log(LOG_DEBUG, "Inconsistent Attribute (length %d exceeds remaining msg len %zd)\n", ntohs(attr->len), len);
ast_log(LOG_DEBUG, "Inconsistent Attribute (length %d exceeds remaining msg len %zd)\n", (ntohs(attr->len) + sizeof(struct stun_attr)), len);
break;
}
if (stun_process_attr(&st, attr)) {

Write Preview
Loading…
Cancel
Save