Perform proper heap bounds checking on skinny messages (bug #1726)

git-svn-id: http://svn.digium.com/svn/asterisk/trunk@3085 f38db490-d61c-443f-a65b-d21fe96a405b
author: markster <markster@f38db490-d61c-443f-a65b-d21fe96a405b> 2004-05-26 23:15:23 +0000
committer: markster <markster@f38db490-d61c-443f-a65b-d21fe96a405b> 2004-05-26 23:15:23 +0000
commit: 499ff3d55bbfcc8a7103cd327f90d2f1733039ed (patch)
tree: aff0c6cb497ec701d98a383b490460bee470322b
parent: 487b389645ee24d69428faa43e5a702f4cff76f4 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/channels/chan_skinny.c b/channels/chan_skinny.c
index fa0fb809d..ec15a2c39 100755
--- a/channels/chan_skinny.c
+++ b/channels/chan_skinny.c
@@ -2261,6 +2261,8 @@ static int get_input(struct skinnysession *s)
 			return -1;
 		}
 		dlen = *(int *)s->inbuf;
+		if (dlen+8 > sizeof(s->inbuf))
+			dlen = sizeof(s->inbuf) - 8;
 		res = read(s->fd, s->inbuf+4, dlen+4);
 		ast_mutex_unlock(&s->lock);
 		if (res != (dlen+4)) {
author	markster <markster@f38db490-d61c-443f-a65b-d21fe96a405b>	2004-05-26 23:15:23 +0000
committer	markster <markster@f38db490-d61c-443f-a65b-d21fe96a405b>	2004-05-26 23:15:23 +0000
commit	499ff3d55bbfcc8a7103cd327f90d2f1733039ed (patch)
tree	aff0c6cb497ec701d98a383b490460bee470322b
parent	487b389645ee24d69428faa43e5a702f4cff76f4 (diff)