Module: kamailio Branch: master Commit: 3fc061dfa3a0db26591164af88abb6ce31afc61a URL: https://github.com/kamailio/kamailio/commit/3fc061dfa3a0db26591164af88abb6ce31afc61a
Author: Xenofon Karamanos <[email protected]>
Committer: Xenofon Karamanos <[email protected]>
Date: 2026-05-04T16:27:52Z
evapi: Limit digits allowed
---
Modified: src/modules/evapi/evapi_dispatch.c
---
Diff: https://github.com/kamailio/kamailio/commit/3fc061dfa3a0db26591164af88abb6ce31afc61a.diff
Patch: https://github.com/kamailio/kamailio/commit/3fc061dfa3a0db26591164af88abb6ce31afc61a.patch
---
diff --git a/src/modules/evapi/evapi_dispatch.c b/src/modules/evapi/evapi_dispatch.c
index 91c455e9651..efae236bdbf 100644
--- a/src/modules/evapi/evapi_dispatch.c
+++ b/src/modules/evapi/evapi_dispatch.c
@@ -635,6 +635,14 @@ void evapi_recv_client(struct ev_loop *loop, struct ev_io *watcher, int revents)
 while(k < _evapi_clients[i].rpos + rlen) {
 if(_evapi_clients[i].rbuffer[k] >= '0' && _evapi_clients[i].rbuffer[k] <= '9') {
+ if(frame.len > INT_MAX / 10
+ || (_evapi_clients[i].rbuffer[k] - '0')
+ > (INT_MAX - frame.len * 10)) {
+ /* overflow - invalid frame */
+ LM_ERR("frame length overflow. 10+ digits \n");
+ _evapi_clients[i].rpos = 0;
+ return;
+ }
 frame.len = frame.len * 10 + _evapi_clients[i].rbuffer[k] - '0';
 } else {
_______________________________________________
Kamailio - Development Mailing List -- [email protected]
To unsubscribe send an email to [email protected]
Important: keep the mailing list in the recipients, do not reply only to the sender!
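Review bot: The new guard in the digit branch stops the signed overflow in `frame.len * 10 + digit`, but it still accepts any length up to INT_MAX, which is presumably far more than one client's `rbuffer` can hold; how later code in `evapi_recv_client` treats an oversized `frame.len` is outside this hunk. Bounding the value by the buffer capacity would reject a bad frame at the first excess digit with a single comparison: `if(frame.len > (EVAPI_FRAME_MAX - d) / 10)` with `d = _evapi_clients[i].rbuffer[k] - '0'`, where `EVAPI_FRAME_MAX` is a placeholder for the module's real buffer-size constant. The error path resets `rpos` and returns without identifying the client in the `LM_ERR` line, and from the visible lines the connection appears to stay open, so a misbehaving peer could produce a stream of identical log entries; adding the client address or socket to the message, and checking whether the connection should be closed here, would help triage. The text "10+ digits" is also slightly off, since ten-digit values up to INT_MAX pass the check, and the message has a stray space before `\n`.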
