lib: Validate DTDs when parsing VersionNumberList

author: Anderson Lizardo <anderson.lizardo@openbossa.org> 2013-02-15 11:07:54 -0400
committer: Johan Hedberg <johan.hedberg@intel.com> 2013-02-18 10:01:27 +0200
commit: b52d10d7abc522ec65786416ae7956e979855167 (patch)
tree: 90663290c05628ad88a36f0a54910362bb0f32aa /lib
parent: 4c07609a596dddcf64d10c737a8e829360ea36ae (diff)
1 files changed, 16 insertions, 1 deletions
diff --git a/lib/sdp.c b/lib/sdp.c
index 61598bb97..6c73818f6 100644
--- a/lib/sdp.c
+++ b/lib/sdp.c
@@ -2155,9 +2155,24 @@ int sdp_get_server_ver(const sdp_record_t *rec, sdp_list_t **u16)
 		errno = ENODATA;
 		return -1;
 	}
-	for (curr = d->val.dataseq; curr; curr = curr->next)
+
+	if (!SDP_IS_SEQ(d->dtd) || d->val.dataseq == NULL)
+		goto invalid;
+
+	for (curr = d->val.dataseq; curr; curr = curr->next) {
+		if (curr->dtd != SDP_UINT16)
+			goto invalid;
 		*u16 = sdp_list_append(*u16, &curr->val.uint16);
+	}
+
 	return 0;
+
+invalid:
+	sdp_list_free(*u16, NULL);
+	*u16 = NULL;
+	errno = EINVAL;
+
+	return -1;
 }
 
 /* flexible extraction of basic attributes - Jean II */
author	Anderson Lizardo <anderson.lizardo@openbossa.org>	2013-02-15 11:07:54 -0400
committer	Johan Hedberg <johan.hedberg@intel.com>	2013-02-18 10:01:27 +0200
commit	b52d10d7abc522ec65786416ae7956e979855167 (patch)
tree	90663290c05628ad88a36f0a54910362bb0f32aa /lib
parent	4c07609a596dddcf64d10c737a8e829360ea36ae (diff)