File 0001-Patch-2.1-Fixes-heap-buffer-overflow-in-osip_body_to_s.patch of Package libosip2.4662

--- src/osipparser2/osip_body.c
+++ src/osipparser2/osip_body.c
@@ -401,7 +401,7 @@
 			osip_free(ptr);
 			return i;
 		}
-		if (length < tmp_body - ptr + strlen(tmp) + 4) {
+		if (length <= tmp_body - ptr + strlen(tmp) + 4) {
 			size_t len;
 
 			len = tmp_body - ptr;
@@ -416,9 +416,18 @@
 	}
 
 	if ((osip_list_size(body->headers) > 0) || (body->content_type != NULL)) {
+                if (length <= tmp_body - ptr + 2) {
+                        size_t len;
+
+                        len = tmp_body - ptr;
+                        length = length + 2;
+                        ptr = osip_realloc (ptr, length);
+                        tmp_body = ptr + len;
+                }
+
 		tmp_body = osip_strn_append(tmp_body, CRLF, 2);
 	}
-	if (length < tmp_body - ptr + body->length + 4) {
+	if (length <= tmp_body - ptr + body->length + 4) {
 		size_t len;
 
 		len = tmp_body - ptr;
openSUSE Build Service is sponsored by