ooh323c: not checking for IE minimum length
When decoding q.931 encoded calling/called number now checking for length being less than minimum required. ASTERISK-30103 Change-Id: I3dcfce0f35eca258dc450f87c92d4d7af402c2e7
This commit is contained in:
Mike Bradeen
Gerrit
parent
c7df5ee7c1
commit
eb1d7ab53c
|
|
@ -192,11 +192,13 @@ EXTERN int ooQ931Decode
|
||||||
screening indicators ;-) */
|
screening indicators ;-) */
|
||||||
if(ie->discriminator == Q931CallingPartyNumberIE)
|
if(ie->discriminator == Q931CallingPartyNumberIE)
|
||||||
{
|
{
|
||||||
|
int numoffset=1;
|
||||||
OOTRACEDBGB1(" CallingPartyNumber IE = {\n");
|
OOTRACEDBGB1(" CallingPartyNumber IE = {\n");
|
||||||
if(ie->length < OO_MAX_NUMBER_LENGTH)
|
if(!(0x80 & ie->data[0])) numoffset = 2;
|
||||||
|
|
||||||
|
if( (ie->length >= numoffset) &&
|
||||||
|
(ie->length < OO_MAX_NUMBER_LENGTH) )
|
||||||
{
|
{
|
||||||
int numoffset=1;
|
|
||||||
if(!(0x80 & ie->data[0])) numoffset = 2;
|
|
||||||
memcpy(number, ie->data+numoffset,ie->length-numoffset);
|
memcpy(number, ie->data+numoffset,ie->length-numoffset);
|
||||||
number[ie->length-numoffset]='\0';
|
number[ie->length-numoffset]='\0';
|
||||||
OOTRACEDBGB2(" %s\n", number);
|
OOTRACEDBGB2(" %s\n", number);
|
||||||
|
|
@ -204,7 +206,7 @@ EXTERN int ooQ931Decode
|
||||||
ooCallSetCallingPartyNumber(call, number);
|
ooCallSetCallingPartyNumber(call, number);
|
||||||
}
|
}
|
||||||
else{
|
else{
|
||||||
OOTRACEERR3("Error:Calling party number too long. (%s, %s)\n",
|
OOTRACEERR3("Error:Calling party number outside range. (%s, %s)\n",
|
||||||
call->callType, call->callToken);
|
call->callType, call->callToken);
|
||||||
}
|
}
|
||||||
OOTRACEDBGB1(" }\n");
|
OOTRACEDBGB1(" }\n");
|
||||||
|
|
@ -214,7 +216,8 @@ EXTERN int ooQ931Decode
|
||||||
if(ie->discriminator == Q931CalledPartyNumberIE)
|
if(ie->discriminator == Q931CalledPartyNumberIE)
|
||||||
{
|
{
|
||||||
OOTRACEDBGB1(" CalledPartyNumber IE = {\n");
|
OOTRACEDBGB1(" CalledPartyNumber IE = {\n");
|
||||||
if(ie->length < OO_MAX_NUMBER_LENGTH)
|
if( (ie->length >= 1) &&
|
||||||
|
(ie->length < OO_MAX_NUMBER_LENGTH) )
|
||||||
{
|
{
|
||||||
memcpy(number, ie->data+1,ie->length-1);
|
memcpy(number, ie->data+1,ie->length-1);
|
||||||
number[ie->length-1]='\0';
|
number[ie->length-1]='\0';
|
||||||
|
|
@ -223,7 +226,7 @@ EXTERN int ooQ931Decode
|
||||||
ooCallSetCalledPartyNumber(call, number);
|
ooCallSetCalledPartyNumber(call, number);
|
||||||
}
|
}
|
||||||
else{
|
else{
|
||||||
OOTRACEERR3("Error:Calling party number too long. (%s, %s)\n",
|
OOTRACEERR3("Error:Calling party number outside range. (%s, %s)\n",
|
||||||
call->callType, call->callToken);
|
call->callType, call->callToken);
|
||||||
}
|
}
|
||||||
OOTRACEDBGB1(" }\n");
|
OOTRACEDBGB1(" }\n");
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue