[sr-dev] git:master:f7690117: core: parser - ensure content lenght value does not exceed max int
Daniel-Constantin Mierla
miconda at gmail.com
Mon Sep 6 13:52:25 CEST 2021
Module: kamailio
Branch: master
Commit: f769011743feccde0fbca8531ab4e1b3563bf155
URL: https://github.com/kamailio/kamailio/commit/f769011743feccde0fbca8531ab4e1b3563bf155
Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2021-09-06T13:51:32+02:00
core: parser - ensure content lenght value does not exceed max int
---
Modified: src/core/parser/parse_content.c
---
Diff: https://github.com/kamailio/kamailio/commit/f769011743feccde0fbca8531ab4e1b3563bf155.diff
Patch: https://github.com/kamailio/kamailio/commit/f769011743feccde0fbca8531ab4e1b3563bf155.patch
---
diff --git a/src/core/parser/parse_content.c b/src/core/parser/parse_content.c
index 34cdd40e36..ee56e09b7a 100644
--- a/src/core/parser/parse_content.c
+++ b/src/core/parser/parse_content.c
@@ -233,6 +233,10 @@ char* parse_content_length(char* const buffer, const char* const end,
size = 0;
number = 0;
while (p<end && *p>='0' && *p<='9') {
+ if(number >= INT_MAX/10) {
+ LM_ERR("content lenght value is too large\n");
+ goto error;
+ }
number = number*10 + (*p)-'0';
size ++;
p++;
More information about the sr-dev
mailing list