kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-11-09 11:28:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Ensure that the pointer to STUN data does not go to unaccessible memory. (ASA-2007-017)

Browse Source 
git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@75439 65c4cc65-6c06-0410-ace0-fbb531ad65f3
This commit is contained in:
Joshua Colp
2007-07-17 20:40:57 +00:00
parent bdf09824c6
commit 396e723f17
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
main/rtp.c
View File

@@ -450,9 +450,9 @@ static int stun_handle_packet(int s, struct sockaddr_in *src, unsigned char *dat
break; break;
} }
attr = (struct stun_attr *)data; attr = (struct stun_attr *)data;
if (ntohs(attr->len) > len) { if ((ntohs(attr->len) + sizeof(struct stun_attr)) > len) {
if (option_debug) if (option_debug)
ast_log(LOG_DEBUG, "Inconsistent Attribute (length %d exceeds remaining msg len %zd)\n", ntohs(attr->len), len); ast_log(LOG_DEBUG, "Inconsistent Attribute (length %d exceeds remaining msg len %zd)\n", (ntohs(attr->len) + sizeof(struct stun_attr)), len);
break; break;
} }
if (stun_process_attr(&st, attr)) { if (stun_process_attr(&st, attr)) {