Module: kamailio Branch: master Commit: 87e1a4a7f5d565a59a362f22e9372697f2f2f2af URL: https://github.com/kamailio/kamailio/commit/87e1a4a7f5d565a59a362f22e9372697f2f2f2af
Author: Daniel-Constantin Mierla <mico...@gmail.com> Committer: Daniel-Constantin Mierla <mico...@gmail.com> Date: 2024-07-12T08:06:36+02:00 stun: check message len for response --- Modified: src/modules/stun/kam_stun.c --- Diff: https://github.com/kamailio/kamailio/commit/87e1a4a7f5d565a59a362f22e9372697f2f2f2af.diff Patch: https://github.com/kamailio/kamailio/commit/87e1a4a7f5d565a59a362f22e9372697f2f2f2af.patch --- diff --git a/src/modules/stun/kam_stun.c b/src/modules/stun/kam_stun.c index b3c1e7877d3..3ad42ff1636 100644 --- a/src/modules/stun/kam_stun.c +++ b/src/modules/stun/kam_stun.c @@ -512,6 +512,10 @@ static int stun_create_response(struct stun_msg *req, struct stun_msg *res, } } + if(res->msg.buf.len < sizeof(struct stun_hdr)) { + LM_ERR("invalid message\n"); + return FATAL_ERROR; + } res->hdr.len = htons(res->msg.buf.len - sizeof(struct stun_hdr)); memcpy(&res->msg.buf.s[sizeof(USHORT_T)], (void *)&res->hdr.len, sizeof(USHORT_T)); _______________________________________________ Kamailio (SER) - Development Mailing List To unsubscribe send an email to sr-dev-le...@lists.kamailio.org
