Skip to content

Commit 450baca

Browse files
authored
Merge pull request from GHSA-26j7-ww69-c4qj
1 parent 0cdd34c commit 450baca

File tree

1 file changed

+6
-1
lines changed

1 file changed

+6
-1
lines changed

Diff for: pjlib-util/src/pjlib-util/stun_simple.c

+6-1
Original file line numberDiff line numberDiff line change
@@ -54,6 +54,7 @@ PJ_DEF(pj_status_t) pjstun_parse_msg( void *buf, pj_size_t buf_len,
5454
{
5555
pj_uint16_t msg_type, msg_len;
5656
char *p_attr;
57+
int attr_max_cnt = PJ_ARRAY_SIZE(msg->attr);
5758

5859
PJ_CHECK_STACK();
5960

@@ -83,7 +84,7 @@ PJ_DEF(pj_status_t) pjstun_parse_msg( void *buf, pj_size_t buf_len,
8384
msg->attr_count = 0;
8485
p_attr = (char*)buf + sizeof(pjstun_msg_hdr);
8586

86-
while (msg_len > 0) {
87+
while (msg_len > 0 && msg->attr_count < attr_max_cnt) {
8788
pjstun_attr_hdr **attr = &msg->attr[msg->attr_count];
8889
pj_uint32_t len;
8990
pj_uint16_t attr_type;
@@ -111,6 +112,10 @@ PJ_DEF(pj_status_t) pjstun_parse_msg( void *buf, pj_size_t buf_len,
111112
p_attr += len;
112113
++msg->attr_count;
113114
}
115+
if (msg->attr_count == attr_max_cnt) {
116+
PJ_LOG(4, (THIS_FILE, "Warning: max number attribute %d reached.",
117+
attr_max_cnt));
118+
}
114119

115120
return PJ_SUCCESS;
116121
}

0 commit comments

Comments
 (0)