Asterisk
/
asterisk
mirror of https://github.com/asterisk/asterisk
1
0
Fork 0
Code Issues Releases Wiki Activity

AST-2016-003 udptl.c: Fix uninitialized values.

Browse Source 
Sending UDPTL packets to Asterisk with the right amount of missing
sequence numbers and enough redundant 0-length IFP packets, can make
Asterisk crash.

ASTERISK-25603 #close
Reported by: Walter Doekes

ASTERISK-25742 #close
Reported by: Torrey Searle

Change-Id: I97df8375041be986f3f266ac1946a538023a5255
changes/75/2175/2
Richard Mudgett 10 years ago
parent 73159cb45f
commit c6b1b2b1c8
1 changed files with 7 additions and 8 deletions
Show Stats Download Patch File Download Diff File

15
main/udptl.c
Unescape View File

@ -305,16 +305,15 @@ static int decode_open_type(uint8_t *buf, unsigned int limit, unsigned int *len,
if (decode_length(buf, limit, len, &octet_cnt) != 0) if (decode_length(buf, limit, len, &octet_cnt) != 0)
return -1; return -1;
if (octet_cnt > 0) { /* Make sure the buffer contains at least the number of bits requested */
/* Make sure the buffer contains at least the number of bits requested */ if ((*len + octet_cnt) > limit) {
if ((*len + octet_cnt) > limit) return -1;
return -1;
*p_num_octets = octet_cnt;
*p_object = &buf[*len];
*len += octet_cnt;
} }
*p_num_octets = octet_cnt;
*p_object = &buf[*len];
*len += octet_cnt;
return 0; return 0;
} }
/*- End of function --------------------------------------------------------*/ /*- End of function --------------------------------------------------------*/

Write Preview
Loading…
Cancel
Save