[sr-dev] git:kamailio_3.0: nathelper(k): safety check for content length

Daniel-Constantin Mierla miconda at gmail.com
Wed Mar 17 20:04:36 CET 2010


Module: sip-router
Branch: kamailio_3.0
Commit: 682ef1b6104ec62e4ec60eefa404c9403f6645c8
URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=682ef1b6104ec62e4ec60eefa404c9403f6645c8

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date:   Wed Mar 17 20:00:59 2010 +0100

nathelper(k): safety check for content length

- patch by Marcus Hunger, SF#2961414
(cherry picked from commit fb4f98a341322904a92c6f12396f5795a3275c08)

---

 modules_k/nathelper/nhelpr_funcs.c |    8 +++++++-
 1 files changed, 7 insertions(+), 1 deletions(-)

diff --git a/modules_k/nathelper/nhelpr_funcs.c b/modules_k/nathelper/nhelpr_funcs.c
index 07271f2..3fb5f65 100644
--- a/modules_k/nathelper/nhelpr_funcs.c
+++ b/modules_k/nathelper/nhelpr_funcs.c
@@ -196,7 +196,13 @@ int extract_body(struct sip_msg *msg, str *body )
 		LM_ERR("message body has length zero\n");
 		goto error;
 	}
-	
+
+	if (body->len + body->s > msg->buf + msg->len) {
+		LM_ERR("content-length exceeds packet-length by %d\n",
+				(body->len + body->s) - (msg->buf + msg->len));
+		goto error;
+	}
+
 	/* no need for parse_headers(msg, EOH), get_body will 
 	 * parse everything */
 	/*is the content type correct?*/




More information about the sr-dev mailing list