[sr-dev] git:master:f7690117: core: parser - ensure content lenght value does not exceed max int

Daniel-Constantin Mierla miconda at gmail.com
Mon Sep 6 13:52:25 CEST 2021


Module: kamailio
Branch: master
Commit: f769011743feccde0fbca8531ab4e1b3563bf155
URL: https://github.com/kamailio/kamailio/commit/f769011743feccde0fbca8531ab4e1b3563bf155

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2021-09-06T13:51:32+02:00

core: parser - ensure content lenght value does not exceed max int

---

Modified: src/core/parser/parse_content.c

---

Diff:  https://github.com/kamailio/kamailio/commit/f769011743feccde0fbca8531ab4e1b3563bf155.diff
Patch: https://github.com/kamailio/kamailio/commit/f769011743feccde0fbca8531ab4e1b3563bf155.patch

---

diff --git a/src/core/parser/parse_content.c b/src/core/parser/parse_content.c
index 34cdd40e36..ee56e09b7a 100644
--- a/src/core/parser/parse_content.c
+++ b/src/core/parser/parse_content.c
@@ -233,6 +233,10 @@ char* parse_content_length(char* const buffer, const char* const end,
 	size = 0;
 	number = 0;
 	while (p<end && *p>='0' && *p<='9') {
+		if(number >= INT_MAX/10) {
+			LM_ERR("content lenght value is too large\n");
+			goto error;
+		}
 		number = number*10 + (*p)-'0';
 		size ++;
 		p++;




More information about the sr-dev mailing list