Module: sip-router
Branch: 3.2
Commit: fbd0339f916ed46c634a4212e3b8e18607ec3ebe
URL:
http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=fbd0339…
Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
Committer: Henning Westerholt <hw(a)kamailio.org>
Date: Tue Apr 9 00:18:35 2013 +0200
parser: safety check for max port length in URI
- can't be longer than 5, a port being 16b value
- reported by Kevin Wojtysiak
(cherry picked from commit 13fd48f89555f5421e8285669e303bcefe44f149)
---
parser/parse_uri.c | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/parser/parse_uri.c b/parser/parse_uri.c
index affe44f..2cea1d1 100644
--- a/parser/parse_uri.c
+++ b/parser/parse_uri.c
@@ -1145,6 +1145,10 @@ int parse_uri(char* buf, int len, struct sip_uri* uri)
goto error_bad_uri;
break; /* do nothing, avoids a compilation warning */
}
+
+ if(uri->port.len>5)
+ goto error_invalid_port;
+
#ifdef EXTRA_DEBUG
/* do stuff */
DBG("parsed uri:\n type=%d user=<%.*s>(%d)\n passwd=<%.*s>(%d)\n"
@@ -1208,6 +1212,10 @@ error_bad_port:
*p, state, (int)(p-buf), ZSW(buf), (int)(p-buf),
len, ZSW(buf), len);
goto error_exit;
+error_invalid_port:
+ DBG("parse_uri: bad port in uri: [%.*s] in <%.*s>\n",
+ uri->port.len, uri->port.s, len, ZSW(buf));
+ goto error_exit;
error_bad_uri:
DBG("parse_uri: bad uri, state %d"
" parsed: <%.*s> (%d) / <%.*s> (%d)\n",