Module: kamailio Branch: master Commit: 87e1a4a7f5d565a59a362f22e9372697f2f2f2af URL: https://github.com/kamailio/kamailio/commit/87e1a4a7f5d565a59a362f22e9372697...
Author: Daniel-Constantin Mierla miconda@gmail.com Committer: Daniel-Constantin Mierla miconda@gmail.com Date: 2024-07-12T08:06:36+02:00
stun: check message len for response
---
Modified: src/modules/stun/kam_stun.c
---
Diff: https://github.com/kamailio/kamailio/commit/87e1a4a7f5d565a59a362f22e9372697... Patch: https://github.com/kamailio/kamailio/commit/87e1a4a7f5d565a59a362f22e9372697...
---
diff --git a/src/modules/stun/kam_stun.c b/src/modules/stun/kam_stun.c index b3c1e7877d3..3ad42ff1636 100644 --- a/src/modules/stun/kam_stun.c +++ b/src/modules/stun/kam_stun.c @@ -512,6 +512,10 @@ static int stun_create_response(struct stun_msg *req, struct stun_msg *res, } }
+ if(res->msg.buf.len < sizeof(struct stun_hdr)) { + LM_ERR("invalid message\n"); + return FATAL_ERROR; + } res->hdr.len = htons(res->msg.buf.len - sizeof(struct stun_hdr)); memcpy(&res->msg.buf.s[sizeof(USHORT_T)], (void *)&res->hdr.len, sizeof(USHORT_T));
-
Daniel-Constantin Mierla