git.openwrt.org Git - feed/telephony.git/blob

   1 From 450baca94f475345542c6953832650c390889202 Mon Sep 17 00:00:00 2001
   2 From: sauwming <ming@teluu.com>
   3 Date: Tue, 7 Jun 2022 12:00:13 +0800
   4 Subject: [PATCH] Merge pull request from GHSA-26j7-ww69-c4qj
   5
   6 ---
   7  pjlib-util/src/pjlib-util/stun_simple.c | 7 ++++++-
   8  1 file changed, 6 insertions(+), 1 deletion(-)
   9
  10 --- a/pjlib-util/src/pjlib-util/stun_simple.c
  11 +++ b/pjlib-util/src/pjlib-util/stun_simple.c
  12 @@ -54,6 +54,7 @@ PJ_DEF(pj_status_t) pjstun_parse_msg( vo
  13  {
  14      pj_uint16_t msg_type, msg_len;
  15      char *p_attr;
  16 +    int attr_max_cnt = PJ_ARRAY_SIZE(msg->attr);
  17
  18      PJ_CHECK_STACK();
  19
  20 @@ -83,7 +84,7 @@ PJ_DEF(pj_status_t) pjstun_parse_msg( vo
  21      msg->attr_count = 0;
  22      p_attr = (char*)buf + sizeof(pjstun_msg_hdr);
  23
  24 -    while (msg_len > 0) {
  25 +    while (msg_len > 0 && msg->attr_count < attr_max_cnt) {
  26         pjstun_attr_hdr **attr = &msg->attr[msg->attr_count];
  27         pj_uint32_t len;
  28         pj_uint16_t attr_type;
  29 @@ -111,6 +112,10 @@ PJ_DEF(pj_status_t) pjstun_parse_msg( vo
  30         p_attr += len;
  31         ++msg->attr_count;
  32      }
  33 +    if (msg->attr_count == attr_max_cnt) {
  34 +       PJ_LOG(4, (THIS_FILE, "Warning: max number attribute %d reached.",
  35 +                  attr_max_cnt));
  36 +    }
  37
  38      return PJ_SUCCESS;
  39  }