Browse code

core: parser - ensure content lenght value does not exceed max int

(cherry picked from commit f769011743feccde0fbca8531ab4e1b3563bf155)
(cherry picked from commit cd4c6ef6022fa6b4453c9e2feb091d3dd7776311)
(cherry picked from commit 61d80860ead2adf93ffecb1318048bb04768bf51)

Daniel-Constantin Mierla authored on 06/09/2021 11:51:32 • Henning Westerholt committed on 22/10/2021 12:11:36
Showing 1 changed files
... ...
@@ -233,6 +233,10 @@ char* parse_content_length(char* const buffer, const char* const end,
233 233
 	size = 0;
234 234
 	number = 0;
235 235
 	while (p<end && *p>='0' && *p<='9') {
236
+		if(number >= INT_MAX/10) {
237
+			LM_ERR("content lenght value is too large\n");
238
+			goto error;
239
+		}
236 240
 		number = number*10 + (*p)-'0';
237 241
 		size ++;
238 242
 		p++;