Properly check for the length in the skinny packet to prevent an invalid memcpy.

(ASA-2007-016) git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.2@75449 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2025-09-04 03:50:31 +00:00 · 2007-07-17 20:57:09 +00:00
parent d0b4144eb4
commit d359de6edb
1 changed files with 1 additions and 1 deletions
--- a/channels/chan_skinny.c
+++ b/channels/chan_skinny.c
@@ -2862,7 +2862,7 @@ static int get_input(struct skinnysession *s)
 			return -1;
 		}
 		dlen = letohl(*(int *)s->inbuf);
-		if (dlen < 0) {
+		if (dlen < 4) {
 			ast_log(LOG_WARNING, "Skinny Client sent invalid data.\n");
 			return -1;
 		}