From: Russell Bryant <russell@russellbryant.com>
Date: Tue, 17 Jul 2007 20:57:09 +0000 (+0000)
Subject: Properly check for the length in the skinny packet to prevent an invalid memcpy.
X-Git-Tag: 1.2.22~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d359de6edbd3e66347bf7dccce530cf263b2bcd3;p=thirdparty%2Fasterisk.git

Properly check for the length in the skinny packet to prevent an invalid memcpy.
(ASA-2007-016)


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.2@75449 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---

diff --git a/channels/chan_skinny.c b/channels/chan_skinny.c
index 3cfd9d6468..c9d3f88548 100644
--- a/channels/chan_skinny.c
+++ b/channels/chan_skinny.c
@@ -2862,7 +2862,7 @@ static int get_input(struct skinnysession *s)
 			return -1;
 		}
 		dlen = letohl(*(int *)s->inbuf);
-		if (dlen < 0) {
+		if (dlen < 4) {
 			ast_log(LOG_WARNING, "Skinny Client sent invalid data.\n");
 			return -1;
 		}