From 149db244654c394292247b532bc287abc7219de5 Mon Sep 17 00:00:00 2001 From: Leo Date: Tue, 23 Apr 2019 21:52:49 -0300 Subject: main/libnice: update to 0.1.15 --- .../0002-avoid-potential-integer-overflow.patch | 32 ++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 main/libnice/0002-avoid-potential-integer-overflow.patch (limited to 'main/libnice/0002-avoid-potential-integer-overflow.patch') diff --git a/main/libnice/0002-avoid-potential-integer-overflow.patch b/main/libnice/0002-avoid-potential-integer-overflow.patch new file mode 100644 index 0000000000..d1e2fdf3e9 --- /dev/null +++ b/main/libnice/0002-avoid-potential-integer-overflow.patch @@ -0,0 +1,32 @@ +From 6b1eec0630516698ac9cd3343ef7eb8515fee231 Mon Sep 17 00:00:00 2001 +From: Jakub Adam +Date: Thu, 3 Jan 2019 21:26:41 +0100 +Subject: [PATCH] udp-turn: Avoid potential integer overflow + +--- + socket/udp-turn.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/socket/udp-turn.c b/socket/udp-turn.c +index 1bc5e031..c3b152d1 100644 +--- a/socket/udp-turn.c ++++ b/socket/udp-turn.c +@@ -362,7 +362,7 @@ socket_recv_messages (NiceSocket *sock, + guint f_buffer_len = priv->fragment_buffer->len; + + for (i = 0; i < n_recv_messages && f_buffer_len >= sizeof (guint16); ++i) { +- guint16 msg_len = ((f_buffer[0] << 8) | f_buffer[1]) + sizeof (guint16); ++ guint32 msg_len = ((f_buffer[0] << 8) | f_buffer[1]) + sizeof (guint16); + + if (msg_len > f_buffer_len) { + /* The next message in the buffer isn't complete yet. Wait for more +@@ -450,7 +450,7 @@ socket_recv_messages (NiceSocket *sock, + if (nice_socket_is_reliable (sock) && parsed_buffer_length > 0) { + /* Determine the portion of the current NiceInputMessage we can already + * return. */ +- guint16 msg_len = 0; ++ gint32 msg_len = 0; + if (!priv->fragment_buffer) { + msg_len = ((buffer[0] << 8) | buffer[1]) + sizeof (guint16); + if (msg_len > parsed_buffer_length) { + -- cgit v1.2.3