commit | e67556e96f135aff7ebb80ad3b8ae89973bbcdaa | [log] [tgz] |
---|---|---|
author | Harald Welte <laforge@gnumonks.org> | Tue May 04 10:59:23 2010 +0200 |
committer | Harald Welte <laforge@gnumonks.org> | Tue May 04 10:59:23 2010 +0200 |
tree | 665a3853e0b1fc11bca6b8c3bdeaaa7c0c24f480 | |
parent | dd69266b10c782b92c354d2445e46ffdec51c591 [diff] |
[SECURITY] Fix GTPIE parsing DoS This is taken from http://sourceforge.net/tracker/index.php?func=detail&aid=1811511&group_id=68956&atid=522957 and http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg402969.html and addresses a DoS: The problem lies in the parsing of information elements in GTP messages, which is implemented in the gtpie_decaps function of gtp/gtpie.c file. The implementation has a bug that does not check if there are too many information elements in the message thus causing the software to loop infinitely in the while-loop. In addition, handling routine for the error situation had to be implemented outside the while-loop.