Properly check the capabilities count to avoid a segfault.

author Jason Parker <jparker@digium.com>

Tue, 7 Aug 2007 18:25:15 +0000 (18:25 +0000)

committer Jason Parker <jparker@digium.com>

Tue, 7 Aug 2007 18:25:15 +0000 (18:25 +0000)
author Jason Parker <jparker@digium.com>
Tue, 7 Aug 2007 18:25:15 +0000 (18:25 +0000)
committer Jason Parker <jparker@digium.com>
Tue, 7 Aug 2007 18:25:15 +0000 (18:25 +0000)
diff --git a/channels/chan_skinny.c b/channels/chan_skinny.c

index 2bde2e2d836a80487a7d54ec21a2969023929cbd..3bbc1bae2823a91230af8dffa1efa2c527407dad 100644 (file)
--- a/channels/chan_skinny.c
+++ b/channels/chan_skinny.c
@@ -202,9 +202,11 @@ struct station_capabilities {
         } payloads;
  };
  
+#define SKINNY_MAX_CAPABILITIES 18
+
  struct capabilities_res_message {
         uint32_t count;
-       struct station_capabilities caps[18];
+       struct station_capabilities caps[SKINNY_MAX_CAPABILITIES];
  };
  
  #define SPEED_DIAL_STAT_REQ_MESSAGE 0x000A
@@ -3459,11 +3461,15 @@ static int handle_capabilities_res_message(struct skinny_req *req, struct skinny
  {
         struct skinny_device *d = s->device;
         struct skinny_line *l;
-       int count = 0;
+       uint32_t count = 0;
         int codecs = 0;
         int i;
  
         count = letohl(req->data.caps.count);
+       if (count > SKINNY_MAX_CAPABILITIES) {
+               count = SKINNY_MAX_CAPABILITIES;
+               ast_log(LOG_WARNING, "Received more capabilities than we can handle (%d).  Ignoring the rest.\n", SKINNY_MAX_CAPABILITIES);
+       }
  
         for (i = 0; i < count; i++) {
                 int acodec = 0;
author	Jason Parker <jparker@digium.com>
	Tue, 7 Aug 2007 18:25:15 +0000 (18:25 +0000)
committer	Jason Parker <jparker@digium.com>
	Tue, 7 Aug 2007 18:25:15 +0000 (18:25 +0000)