Module: sip-router
Branch: sr_3.0
Commit: e7d3e36a5fa22d54c3ed54726c6818c7ce9dab1f
URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=e7d3e36a5fa22d54c3ed54726c6818c7ce9dab1f

Author: Daniel-Constantin Mierla <[email protected]>
Committer: Daniel-Constantin Mierla <[email protected]>
Date:   Wed Mar 17 20:00:59 2010 +0100

nathelper(k): safety check for content length

- patch by Marcus Hunger, SF#2961414
(cherry picked from commit fb4f98a341322904a92c6f12396f5795a3275c08)

---

 modules_k/nathelper/nhelpr_funcs.c |    8 +++++++-
 1 files changed, 7 insertions(+), 1 deletions(-)

diff --git a/modules_k/nathelper/nhelpr_funcs.c 
b/modules_k/nathelper/nhelpr_funcs.c
index 07271f2..3fb5f65 100644
--- a/modules_k/nathelper/nhelpr_funcs.c
+++ b/modules_k/nathelper/nhelpr_funcs.c
@@ -196,7 +196,13 @@ int extract_body(struct sip_msg *msg, str *body )
                LM_ERR("message body has length zero\n");
                goto error;
        }
-       
+
+       if (body->len + body->s > msg->buf + msg->len) {
+               LM_ERR("content-length exceeds packet-length by %d\n",
+                               (body->len + body->s) - (msg->buf + msg->len));
+               goto error;
+       }
+
        /* no need for parse_headers(msg, EOH), get_body will 
         * parse everything */
        /*is the content type correct?*/
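Review bot: the new check `if (body->len + body->s > msg->buf + msg->len)` forms the pointer `body->s + body->len` before it is known to lie inside the packet buffer. When the declared length is larger than the received data, that is exactly the out-of-range pointer arithmetic the check is meant to catch, and for a very large length the sum can wrap and compare as smaller than the buffer end. Comparing lengths avoids this: `if (body->len > (msg->buf + msg->len) - body->s)`, which only subtracts two pointers that are both inside the buffer. Second point, in the `LM_ERR` call: the argument `(body->len + body->s) - (msg->buf + msg->len)` is a pointer difference, so its type is `ptrdiff_t`, not `int`; passing it to `%d` is a format mismatch on 64-bit builds. Cast it to `int` or compute the excess as an integer first. It would also be worth confirming that the preceding zero-length test rejects negative values of `body->len`, since only its error message is visible here and a negative length would pass the new comparison.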


_______________________________________________
sr-dev mailing list
[email protected]
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
