Harald Welte
e67556e96f
This is taken from http://sourceforge.net/tracker/index.php?func=detail&aid=1811511&group_id=68956&atid=522957 and http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg402969.html and addresses a DoS: The problem lies in the parsing of information elements in GTP messages, which is implemented in the gtpie_decaps function of gtp/gtpie.c file. The implementation has a bug that does not check if there are too many information elements in the message thus causing the software to loop infinitely in the while-loop. In addition, handling routine for the error situation had to be implemented outside the while-loop. |
||
|---|---|---|
| .. | ||
| Makefile.am | ||
| gtp.c | ||
| gtp.h | ||
| gtpie.c | ||
| gtpie.h | ||
| lookupa.c | ||
| lookupa.h | ||
| pdp.c | ||
| pdp.h | ||
| queue.c | ||
| queue.h | ||