Browse code

rr: use port.len to check for buffer overflow instead of max port len

- reported by Kevin Wojtysiak
(from commit 28a8b87885e373bee8cc81985277ae718973fdfd)

Henning Westerholt authored on 19/04/2013 09:04:39
Showing 1 changed files
... ...
@@ -366,7 +366,7 @@ static inline int get_maddr_uri(str *uri, struct sip_uri *puri)
366 366
 		return 0;
367 367
 
368 368
 	/* sip: + maddr + : + port */
369
-	if( (puri->maddr_val.len) > (127 - 10) )
369
+	if( (puri->maddr_val.len) > (127 - 6 - puri->port.len) )
370 370
 	{
371 371
 		LM_ERR( "Too long maddr parameter\n");
372 372
 		return RR_ERROR;