On Mon, Jan 14, 2013 at 04:02:22PM +0100, Javier Serrano Polo wrote:
> AST-2012-014: b/channels/chan_sip.c
>
> @@ -3078,7 +3079,7 @@ static void *_sip_tcp_helper_thread(stru
> req.socket.fd = tcptls_session->fd;
>
> /* Read in headers one line at a time */
> - while (req.len < 4 || strncmp(REQ_OFFSET_TO_STR(&req,
> len - 4), "\r\n\r\n", 4)) {
> + while ((req.len <= SIP_MAX_PACKET_SIZE) || (req.len < 4
> || strncmp(REQ_OFFSET_TO_STR(&req, len - 4), "\r\n\r\n", 4))) {
> if (!tcptls_session->client && !authenticated )
> {
> if ((timeout =
> sip_check_authtimeout(start)) < 0) {
> goto cleanup;
>
> Are you sure? That size hint condition should be ANDed.
You're right.
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.co...@xorcom.com
+972-50-7952406 mailto:tzafrir.co...@xorcom.com
http://www.xorcom.com iax:gu...@local.xorcom.com/tzafrir
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
