
Merge pull request #98 from tsearle/master

modules/sipt: fix bounds check on ACM

tsearle authored on 25/02/2015 07:37:02
Showing 1 changed files
... ...
@@ -316,13 +316,14 @@ int isup_update_bci_1(struct sdp_mangler * mangle, int charge_indicator, int cal
316 316
 		return 1;
317 317
 	}
318 318
 
319
-	if (len < sizeof(struct isup_acm_fixed))
319
+	// add minus 1 because the optinal pointer is optional
320
+	if (len < sizeof(struct isup_acm_fixed) -1 )
320 321
 		return -1;
321 322
 
322 323
 	bci = (charge_indicator & 0x3) | ((called_status & 0x3)<<2) |
323 324
 		((called_category & 0x3)<<4) | ((e2e_indicator & 0x3)<<6);
324 325
 
325
-	add_body_segment(mangle, offsetof(struct isup_acm_fixed, backwards_call_ind), &bci, 1);
326
+	replace_body_segment(mangle, offsetof(struct isup_acm_fixed, backwards_call_ind), 1, &bci, 1);
326 327
 
327 328
 	return sizeof(struct isup_acm_fixed);
328 329
 }
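Review bot: The relaxed guard now accepts a body one byte shorter than `struct isup_acm_fixed`, but the function still ends with `return sizeof(struct isup_acm_fixed);`, so for such a message the returned value is larger than `len`. If callers treat the return as the number of bytes present or consumed (not visible here, and the function starts above the hunk), they could step past the end of the body; returning the length that was actually validated would avoid that. The bare `-1` also depends on the optional-part pointer being a trailing one-byte member of the struct, which the comment should say plainly, e.g. `/* the trailing one-byte pointer to the optional part may be absent */`. If `len` is a signed type, a negative value converts to a large unsigned one in this comparison and passes the check, so an explicit `len < 0` test may be needed as well.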