kenmirrors
/
freeswitch
mirror of https://github.com/signalwire/freeswitch.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fix buffer overrun that could have been exploited with a crafted skinny packet designed to exploit this mistake in bounds checking.

This commit is contained in:
Michael Jerris 2014-04-26 15:29:01 -04:00
parent 2e45fc0619
commit 96c6abbe69
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/mod/endpoints/mod_skinny/skinny_server.c
View File

@ -2316,7 +2316,7 @@ switch_status_t skinny_handle_updatecapabilities(listener_t *listener, skinny_me
uint32_t i = 0;
uint32_t n = 0;
char *codec_order[SWITCH_MAX_CODECS];
char *codec_order[SKINNY_MAX_CAPABILITIES];
char *codec_string;
size_t string_len, string_pos, pos;
@ -2329,8 +2329,8 @@ switch_status_t skinny_handle_updatecapabilities(listener_t *listener, skinny_me
skinny_check_data_length(request, sizeof(request->data.upd_cap.audio_cap_count));
n = request->data.upd_cap.audio_cap_count;
if (n > SWITCH_MAX_CODECS) {
n = SWITCH_MAX_CODECS;
if (n > SKINNY_MAX_CAPABILITIES) {
n = SKINNY_MAX_CAPABILITIES;
}
string_len = -1;