kenmirrors/freeswitch
1
0
Fork 0
mirror of https://github.com/signalwire/freeswitch.git synced 2025-04-14 08:05:37 +00:00
Code Issues Projects Releases Wiki Activity

A slightly mroe elegant an commented fix for the potential overflow issue in udptl.c

Browse Source
This commit is contained in:
Steve Underwood 2015-05-12 12:00:04 +08:00
parent dbc550a26d
commit b156cbd604
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/mod/applications/mod_spandsp/udptl.c
View File

@ -222,10 +222,12 @@ int udptl_rx_packet(udptl_state_t *s, const uint8_t buf[], int len)
do {
if ((stat = decode_length(buf, len, &ptr, &count)) < 0)
return -1;
if ((total_count + count) >= 16) {
/* There is too much stuff here to be real, and it would overflow the bufs array
if we continue */
return -1;
}
for (i = 0; i < count; i++) {
if (total_count + i >= 16) {
return -1;
}
if (decode_open_type(buf, len, &ptr, &bufs[total_count + i], &lengths[total_count + i]) != 0)
return -1;
}