Preston_PLB/freeswitch
1
0
Fork 0
forked from Mirrors/freeswitch
Code Pull Requests Activity

Add immediate sanity check on untrusted length

Browse Source 
We were actually checking this indirectly in the loop that follows,
but it's more clear to check this immediately and directly.
This commit is contained in:
Travis Cross 2014-04-08 21:04:59 +00:00
parent 711e49c46a
commit 1636550176
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/switch_stun.c
View File

@ -129,7 +129,8 @@ SWITCH_DECLARE(switch_stun_packet_t *) switch_stun_packet_parse(uint8_t *buf, ui
packet = (switch_stun_packet_t *) buf; packet = (switch_stun_packet_t *) buf;
packet->header.type = ntohs(packet->header.type); packet->header.type = ntohs(packet->header.type);
packet->header.length = ntohs(packet->header.length); packet->header.length = ntohs(packet->header.length);
bytes_left -= 20; if (packet->header.length > (bytes_left -= 20))
return NULL;
/* /*