Module: kamailio Branch: master Commit: e164aed586d4adef92e62350e30024560c19101c URL: https://github.com/kamailio/kamailio/commit/e164aed586d4adef92e62350e30024560c19101c
Author: tsearle <[email protected]> Committer: tsearle <[email protected]> Date: 2015-02-25T08:37:02+01:00 Merge pull request #98 from tsearle/master modules/sipt: fix bounds check on ACM --- Modified: modules/sipt/ss7_parser.c --- Diff: https://github.com/kamailio/kamailio/commit/e164aed586d4adef92e62350e30024560c19101c.diff Patch: https://github.com/kamailio/kamailio/commit/e164aed586d4adef92e62350e30024560c19101c.patch --- diff --git a/modules/sipt/ss7_parser.c b/modules/sipt/ss7_parser.c index 9315e43..e7554f8 100644 --- a/modules/sipt/ss7_parser.c +++ b/modules/sipt/ss7_parser.c @@ -316,13 +316,14 @@ int isup_update_bci_1(struct sdp_mangler * mangle, int charge_indicator, int cal return 1; } - if (len < sizeof(struct isup_acm_fixed)) + // add minus 1 because the optinal pointer is optional + if (len < sizeof(struct isup_acm_fixed) -1 ) return -1; bci = (charge_indicator & 0x3) | ((called_status & 0x3)<<2) | ((called_category & 0x3)<<4) | ((e2e_indicator & 0x3)<<6); - add_body_segment(mangle, offsetof(struct isup_acm_fixed, backwards_call_ind), &bci, 1); + replace_body_segment(mangle, offsetof(struct isup_acm_fixed, backwards_call_ind), 1, &bci, 1); return sizeof(struct isup_acm_fixed); } _______________________________________________ sr-dev mailing list [email protected] http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
