[sr-dev] git:kamailio_3.0: nathelper(k): safety check for content length
Daniel-Constantin Mierla
miconda at gmail.com
Wed Mar 17 20:04:36 CET 2010
Module: sip-router
Branch: kamailio_3.0
Commit: 682ef1b6104ec62e4ec60eefa404c9403f6645c8
URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=682ef1b6104ec62e4ec60eefa404c9403f6645c8
Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: Wed Mar 17 20:00:59 2010 +0100
nathelper(k): safety check for content length
- patch by Marcus Hunger, SF#2961414
(cherry picked from commit fb4f98a341322904a92c6f12396f5795a3275c08)
---
modules_k/nathelper/nhelpr_funcs.c | 8 +++++++-
1 files changed, 7 insertions(+), 1 deletions(-)
diff --git a/modules_k/nathelper/nhelpr_funcs.c b/modules_k/nathelper/nhelpr_funcs.c
index 07271f2..3fb5f65 100644
--- a/modules_k/nathelper/nhelpr_funcs.c
+++ b/modules_k/nathelper/nhelpr_funcs.c
@@ -196,7 +196,13 @@ int extract_body(struct sip_msg *msg, str *body )
LM_ERR("message body has length zero\n");
goto error;
}
-
+
+ if (body->len + body->s > msg->buf + msg->len) {
+ LM_ERR("content-length exceeds packet-length by %d\n",
+ (body->len + body->s) - (msg->buf + msg->len));
+ goto error;
+ }
+
/* no need for parse_headers(msg, EOH), get_body will
* parse everything */
/*is the content type correct?*/
More information about the sr-dev
mailing list