From: Russell Bryant Date: Tue, 17 Jul 2007 20:58:40 +0000 (+0000) Subject: Merged revisions 75450 via svnmerge from X-Git-Tag: 1.6.0-beta1~3^2~2038 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=91e2afe4e7c05a2adfe4d3e9b978d5b6ea119bdb;p=thirdparty%2Fasterisk.git Merged revisions 75450 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ................ r75450 | russell | 2007-07-17 15:57:56 -0500 (Tue, 17 Jul 2007) | 11 lines Merged revisions 75449 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.2 ........ r75449 | russell | 2007-07-17 15:57:09 -0500 (Tue, 17 Jul 2007) | 3 lines Properly check for the length in the skinny packet to prevent an invalid memcpy. (ASA-2007-016) ........ ................ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@75451 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- diff --git a/channels/chan_skinny.c b/channels/chan_skinny.c index 9a122cc6f3..f55002d641 100644 --- a/channels/chan_skinny.c +++ b/channels/chan_skinny.c @@ -4587,7 +4587,7 @@ static int get_input(struct skinnysession *s) } dlen = letohl(*(int *)s->inbuf); - if (dlen < 0) { + if (dlen < 4) { ast_log(LOG_WARNING, "Skinny Client sent invalid data.\n"); ast_mutex_unlock(&s->lock); return -1;