mirror of
https://github.com/signalwire/freeswitch.git
synced 2026-07-04 19:31:56 +00:00
22de26cc7c
* [libesl] Validate `Content-Length` in `esl_recv_event`. `atol()` accepted negative values, allowing a remote ESL peer to cause a one-byte heap underwrite (`Content-Length: -1`) or NULL-pointer dereference (`Content-Length: -2`, since `esl_assert` compiles out under `NDEBUG`). Reject negative and oversized values, and check `malloc` failure instead of relying on `assert`. Cap at `ESL_MAX_CONTENT_LENGTH` (16 MiB). * [libesl] Add test_recv_event.