kenmirrors
/
freeswitch
mirror of https://github.com/signalwire/freeswitch.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

mod_skinny: fix potential overflow CID: 1060947

This commit is contained in:
Nathan Neulinger 2014-08-05 11:26:20 -05:00
parent 5e1e3565db
commit bea603b7fa
2 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/mod/endpoints/mod_skinny/mod_skinny.h
View File

@ -336,6 +336,8 @@ switch_endpoint_interface_t *skinny_get_endpoint_interface();
#define skinny_textid2raw(label) (label > 0 ? switch_mprintf("\200%c", label) : switch_mprintf(""))
char *skinny_format_message(const char *str);
#define SKINNY_MAX_STRING 16384
#endif /* _MOD_SKINNY_H */
/* For Emacs:

6
src/mod/endpoints/mod_skinny/skinny_server.c
View File

@ -1802,6 +1802,12 @@ switch_status_t skinny_handle_capabilities_response(listener_t *listener, skinny
}
i = 0;
pos = 0;
if ( string_len > SKINNY_MAX_STRING ) {
skinny_log_l_msg(listener, SWITCH_LOG_ERROR, "Codec string list too long.\n");
return SWITCH_STATUS_FALSE;
}
codec_string = calloc(string_len+1,1);
if ( !codec_string ) {
skinny_log_l_msg(listener, SWITCH_LOG_ERROR, "Unable to allocate memory for codec string.\n");