From: Michael Jerris <mike@jerris.com>
Date: Tue, 12 May 2015 00:46:27 +0000 (-0500)
Subject: FS-7184: add buffer overflow check in udptl_rx_packet
X-Git-Tag: v1.4.19~6^2~18
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dbc550a26dd8643c238205f63133dc0d87d1ea14;p=thirdparty%2Ffreeswitch.git

FS-7184: add buffer overflow check in udptl_rx_packet
---

diff --git a/src/mod/applications/mod_spandsp/udptl.c b/src/mod/applications/mod_spandsp/udptl.c
index d1e21d648d..874c30b686 100644
--- a/src/mod/applications/mod_spandsp/udptl.c
+++ b/src/mod/applications/mod_spandsp/udptl.c
@@ -223,6 +223,9 @@ int udptl_rx_packet(udptl_state_t *s, const uint8_t buf[], int len)
 			if ((stat = decode_length(buf, len, &ptr, &count)) < 0)
 				return -1;
 			for (i = 0; i < count; i++) {
+				if (total_count + i >= 16) {
+					return -1;
+				}
 				if (decode_open_type(buf, len, &ptr, &bufs[total_count + i], &lengths[total_count + i]) != 0)
 					return -1;
 			}