Fix SIGABRT on wrong AMR payload
Previously length check have not considered AMR format which requires extra byte for in-band length leading to SIGABRT on incorrect payload from BTS. Change-Id: I800f756fc803accace8c7e0b4a42b3744fe78bb6 Fixes: OS#1731
This commit is contained in:
parent
b8afb5fda2
commit
e152ffe14d
|
@ -163,7 +163,9 @@ static int rtp_decode(struct msgb *msg, uint32_t callref, struct msgb **data)
|
|||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (payload_len > MAX_RTP_PAYLOAD_LEN) {
|
||||
if (payload_len > MAX_RTP_PAYLOAD_LEN ||
|
||||
(rtph->payload_type == RTP_PT_AMR &&
|
||||
payload_len > MAX_RTP_PAYLOAD_LEN - 1)) {
|
||||
DEBUGPC(DLMUX, "RTP payload too large (%d octets)\n",
|
||||
payload_len);
|
||||
return -EINVAL;
|
||||
|
|
Loading…
Reference in New Issue