Perform proper heap bounds checking on skinny messages (bug #1726)
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@3085 f38db490-d61c-443f-a65b-d21fe96a405b
This commit is contained in:
parent
487b389645
commit
499ff3d55b
|
@ -2261,6 +2261,8 @@ static int get_input(struct skinnysession *s)
|
|||
return -1;
|
||||
}
|
||||
dlen = *(int *)s->inbuf;
|
||||
if (dlen+8 > sizeof(s->inbuf))
|
||||
dlen = sizeof(s->inbuf) - 8;
|
||||
res = read(s->fd, s->inbuf+4, dlen+4);
|
||||
ast_mutex_unlock(&s->lock);
|
||||
if (res != (dlen+4)) {
|
||||
|
|
Reference in New Issue