Harald Welte
e67556e96f
This is taken from http://sourceforge.net/tracker/index.php?func=detail&aid=1811511&group_id=68956&atid=522957 and http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg402969.html and addresses a DoS: The problem lies in the parsing of information elements in GTP messages, which is implemented in the gtpie_decaps function of gtp/gtpie.c file. The implementation has a bug that does not check if there are too many information elements in the message thus causing the software to loop infinitely in the while-loop. In addition, handling routine for the error situation had to be implemented outside the while-loop. |
||
---|---|---|
.. | ||
Makefile.am | ||
gtp.c | ||
gtp.h | ||
gtpie.c | ||
gtpie.h | ||
lookupa.c | ||
lookupa.h | ||
pdp.c | ||
pdp.h | ||
queue.c | ||
queue.h |