Fix a potential integer signedness problem.
authorJason Parker <jparker@digium.com>
Mon, 21 Aug 2006 07:34:59 +0000 (07:34 +0000)
committerJason Parker <jparker@digium.com>
Mon, 21 Aug 2006 07:34:59 +0000 (07:34 +0000)
Also fix some locking issues I found at the same time.

Issue 7770, original patch by alamantia

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@40757 65c4cc65-6c06-0410-ace0-fbb531ad65f3

channels/chan_skinny.c

index 4d31969..acd6ad9 100644 (file)
@@ -3927,12 +3927,19 @@ static int get_input(struct skinnysession *s)
                res = read(s->fd, s->inbuf, 4);
                if (res < 0) {
                        ast_log(LOG_WARNING, "read() returned error: %s\n", strerror(errno));
+                       ast_mutex_unlock(&s->lock);
                        return res;
                } else if (res != 4) {
                        ast_log(LOG_WARNING, "Skinny Client sent less data than expected.  Expected 4 but got %d.\n", res);
+                       ast_mutex_unlock(&s->lock);
                        return -1;
                }
                dlen = letohl(*(int *)s->inbuf);
+               if (dlen < 0) {
+                       ast_log(LOG_WARNING, "Skinny Client sent invalid data.\n");
+                       ast_mutex_unlock(&s->lock);
+                       return -1;
+               }
                if (dlen+8 > sizeof(s->inbuf)) {
                        dlen = sizeof(s->inbuf) - 8;
                }