Merged revisions 75450 via svnmerge from

https://origsvn.digium.com/svn/asterisk/branches/1.4

................
r75450 | russell | 2007-07-17 15:57:56 -0500 (Tue, 17 Jul 2007) | 11 lines

Merged revisions 75449 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.2

........
r75449 | russell | 2007-07-17 15:57:09 -0500 (Tue, 17 Jul 2007) | 3 lines

Properly check for the length in the skinny packet to prevent an invalid memcpy.
(ASA-2007-016)

........

................

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@75451 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/channels/chan_skinny.c b/channels/chan_skinny.c
index 9a122cc6f3a36b2a641073dbcece070d1aac7cdd..f55002d641a3c98535570225ba8242705106a711 100644 (file)
--- a/channels/chan_skinny.c
+++ b/channels/chan_skinny.c
@@ -4587,7 +4587,7 @@ static int get_input(struct skinnysession *s)
                }
                
                dlen = letohl(*(int *)s->inbuf);
-               if (dlen < 0) {
+               if (dlen < 4) {
                        ast_log(LOG_WARNING, "Skinny Client sent invalid data.\n");
                        ast_mutex_unlock(&s->lock);
                        return -1;