From dbc550a26dd8643c238205f63133dc0d87d1ea14 Mon Sep 17 00:00:00 2001 From: Michael Jerris Date: Mon, 11 May 2015 19:46:27 -0500 Subject: [PATCH] FS-7184: add buffer overflow check in udptl_rx_packet --- src/mod/applications/mod_spandsp/udptl.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/mod/applications/mod_spandsp/udptl.c b/src/mod/applications/mod_spandsp/udptl.c index d1e21d648d..874c30b686 100644 --- a/src/mod/applications/mod_spandsp/udptl.c +++ b/src/mod/applications/mod_spandsp/udptl.c @@ -223,6 +223,9 @@ int udptl_rx_packet(udptl_state_t *s, const uint8_t buf[], int len) if ((stat = decode_length(buf, len, &ptr, &count)) < 0) return -1; for (i = 0; i < count; i++) { + if (total_count + i >= 16) { + return -1; + } if (decode_open_type(buf, len, &ptr, &bufs[total_count + i], &lengths[total_count + i]) != 0) return -1; }