From: Travis Cross
Date: Tue, 8 Apr 2014 21:04:59 +0000 (+0000)
Subject: Add immediate sanity check on untrusted length
X-Git-Tag: v1.5.12~224
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=16365501;p=thirdparty%2Ffreeswitch.git
Add immediate sanity check on untrusted length
We were actually checking this indirectly in the loop that follows, but it's more clear to check this immediately and directly.
---
diff --git a/src/switch_stun.c b/src/switch_stun.c
index c853a08149..55f8a65eac 100644
--- a/src/switch_stun.c
+++ b/src/switch_stun.c
@@ -129,7 +129,8 @@ SWITCH_DECLARE(switch_stun_packet_t *) switch_stun_packet_parse(uint8_t *buf, ui
 packet = (switch_stun_packet_t *) buf;
 packet->header.type = ntohs(packet->header.type);
 packet->header.length = ntohs(packet->header.length);
- bytes_left -= 20;
+ if (packet->header.length > (bytes_left -= 20))
+ return NULL;
 /*
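Review bot: The new guard folds the `bytes_left -= 20` update into the comparison, so the statement that both consumes the header and validates an untrusted length is easy to misread, and the unbraced `return NULL;` invites a later mis-edit. I would split it into `bytes_left -= 20;` followed by `if (packet->header.length > bytes_left) { return NULL; }`. The check is only sound if `bytes_left` is already known to be at least 20 at this point; the lines before the hunk are not visible, and if the variable is unsigned a shorter buffer would wrap the subtraction and let any length through, so confirm a minimum-length test precedes it. The header fields have also been byte-swapped in place in `buf` by the time NULL is returned, which is worth a comment for callers that keep the buffer. The function body starts and ends outside the hunk.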