mod_skinny: fix potential overflow CID: 1060947

src/mod/endpoints/mod_skinny/mod_skinny.h

@@ -336,6 +336,8 @@ switch_endpoint_interface_t *skinny_get_endpoint_interface();
 #define skinny_textid2raw(label) (label > 0 ? switch_mprintf("\200%c", label) : switch_mprintf(""))
 char *skinny_format_message(const char *str);
 
+#define SKINNY_MAX_STRING 16384
+
 #endif /* _MOD_SKINNY_H */
 
 /* For Emacs:

src/mod/endpoints/mod_skinny/skinny_server.c

@@ -1802,6 +1802,12 @@ switch_status_t skinny_handle_capabilities_response(listener_t *listener, skinny
 	}
 	i = 0;
 	pos = 0;
+
+	if ( string_len > SKINNY_MAX_STRING ) {
+		skinny_log_l_msg(listener, SWITCH_LOG_ERROR, "Codec string list too long.\n");
+		return SWITCH_STATUS_FALSE;
+	}
+
 	codec_string = calloc(string_len+1,1);
 	if ( !codec_string ) {
 		skinny_log_l_msg(listener, SWITCH_LOG_ERROR, "Unable to allocate memory for codec string.\n");