From ec14976ac38efa2972541fb549823a4fc9f1373b Mon Sep 17 00:00:00 2001
From: Mark Spencer <markster@digium.com>
Date: Wed, 26 May 2004 23:15:23 +0000
Subject: [PATCH] Perform proper heap bounds checking on skinny messages (bug
 #1726)

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@3085 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 channels/chan_skinny.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/channels/chan_skinny.c b/channels/chan_skinny.c
index fa0fb809d5..ec15a2c393 100755
--- a/channels/chan_skinny.c
+++ b/channels/chan_skinny.c
@@ -2261,6 +2261,8 @@ static int get_input(struct skinnysession *s)
 			return -1;
 		}
 		dlen = *(int *)s->inbuf;
+		if (dlen+8 > sizeof(s->inbuf))
+			dlen = sizeof(s->inbuf) - 8;
 		res = read(s->fd, s->inbuf+4, dlen+4);
 		ast_mutex_unlock(&s->lock);
 		if (res != (dlen+4)) {
-- 
GitLab