[Pkg-telepathy-commits] [libnice] 206/265: Fix possible segfault in stun_message_validate_buffer_length()
Simon McVittie
smcv at debian.org
Wed May 14 12:05:08 UTC 2014
This is an automated email from the git hooks/post-receive script.
smcv pushed a commit to branch debian
in repository libnice.
commit 8332ca30f76da79db0a84e9da472cf36487e657b
Author: Jakub Adam <jakub.adam at ktknet.cz>
Date: Sat Jun 4 23:25:33 2011 +0200
Fix possible segfault in stun_message_validate_buffer_length()
---
stun/stunmessage.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/stun/stunmessage.c b/stun/stunmessage.c
index e35b3b6..b9c02b7 100644
--- a/stun/stunmessage.c
+++ b/stun/stunmessage.c
@@ -623,7 +623,16 @@ int stun_message_validate_buffer_length (const uint8_t *msg, size_t length,
/* from then on, we know we have the entire packet in buffer */
while (len > 0)
{
- size_t alen = stun_getw (msg + STUN_ATTRIBUTE_TYPE_LEN);
+ size_t alen;
+
+ if (len < 4)
+ {
+ stun_debug ("STUN error: Incomplete STUN attribute header of length "
+ "%u bytes!\n", (unsigned)len);
+ return STUN_MESSAGE_BUFFER_INVALID;
+ }
+
+ alen = stun_getw (msg + STUN_ATTRIBUTE_TYPE_LEN);
if (has_padding)
alen = stun_align (alen);
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-telepathy/libnice.git
More information about the Pkg-telepathy-commits
mailing list