laforge submitted this change.

View Change


Approvals: pespin: Looks good to me, approved fixeria: Looks good to me, but someone else must approve Jenkins Builder: Verified 
mgcp_parse_audio_port_pt(): fix buffer overflow

Change-Id: I18c78d15eb1593f404b4741248225b68878b463f
---
M src/libosmo-mgcp-client/mgcp_client.c
1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/libosmo-mgcp-client/mgcp_client.c b/src/libosmo-mgcp-client/mgcp_client.c
index 5df4560..b5897a6 100644
--- a/src/libosmo-mgcp-client/mgcp_client.c
+++ b/src/libosmo-mgcp-client/mgcp_client.c
@@ -319,7 +319,7 @@
 	pt_str = strtok(line, " ");
 	while (1) {
 		/* Do not allow excessive payload types */
-		if (count > ARRAY_SIZE(r->codecs))
+		if (count >= ARRAY_SIZE(r->codecs))
 			goto response_parse_failure_pt;
 
 		pt_str = strtok(NULL, " ");

To view, visit change 34898. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-Project: osmo-mgw
Gerrit-Branch: master
Gerrit-Change-Id: I18c78d15eb1593f404b4741248225b68878b463f
Gerrit-Change-Number: 34898
Gerrit-PatchSet: 3
Gerrit-Owner: neels <nhofmeyr@sysmocom.de>
Gerrit-Reviewer: Jenkins Builder
Gerrit-Reviewer: fixeria <vyanitskiy@sysmocom.de>
Gerrit-Reviewer: laforge <laforge@osmocom.org>
Gerrit-Reviewer: pespin <pespin@sysmocom.de>
Gerrit-MessageType: merged