Merged revisions 75449 via svnmerge from

https://origsvn.digium.com/svn/asterisk/branches/1.2

........
r75449 | russell | 2007-07-17 15:57:09 -0500 (Tue, 17 Jul 2007) | 3 lines

Properly check for the length in the skinny packet to prevent an invalid memcpy.
(ASA-2007-016)

........

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@75450 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/channels/chan_skinny.c b/channels/chan_skinny.c
index 64b22080e1663355f5c1ca415f35dcd3c3eeaf58..841778c6eb4db940a6be2685c7534b16198dcc55 100644 (file)
--- a/channels/chan_skinny.c
+++ b/channels/chan_skinny.c
@@ -4286,7 +4286,7 @@ static int get_input(struct skinnysession *s)
                }
                
                dlen = letohl(*(int *)s->inbuf);
-               if (dlen < 0) {
+               if (dlen < 4) {
                        ast_log(LOG_WARNING, "Skinny Client sent invalid data.\n");
                        ast_mutex_unlock(&s->lock);
                        return -1;