On Mon, Jan 14, 2013 at 04:02:22PM +0100, Javier Serrano Polo wrote: > AST-2012-014: b/channels/chan_sip.c > > @@ -3078,7 +3079,7 @@ static void *_sip_tcp_helper_thread(stru > req.socket.fd = tcptls_session->fd; > > /* Read in headers one line at a time */ > - while (req.len < 4 || strncmp(REQ_OFFSET_TO_STR(&req, > len - 4), "\r\n\r\n", 4)) { > + while ((req.len <= SIP_MAX_PACKET_SIZE) || (req.len < 4 > || strncmp(REQ_OFFSET_TO_STR(&req, len - 4), "\r\n\r\n", 4))) { > if (!tcptls_session->client && !authenticated ) > { > if ((timeout = > sip_check_authtimeout(start)) < 0) { > goto cleanup; > > Are you sure? That size hint condition should be ANDed.
You're right. -- Tzafrir Cohen icq#16849755 jabber:tzafrir.co...@xorcom.com +972-50-7952406 mailto:tzafrir.co...@xorcom.com http://www.xorcom.com iax:gu...@local.xorcom.com/tzafrir -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org