git:master: parser: safety check for max port length in URI - sr-dev

8 Apr 2013

Module: sip-router
Branch: master
Commit: 13fd48f89555f5421e8285669e303bcefe44f149
URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=13fd48f8...
Author: Daniel-Constantin Mierla miconda@gmail.com
Committer: Daniel-Constantin Mierla miconda@gmail.com
Date:   Tue Apr  9 00:18:35 2013 +0200
parser: safety check for max port length in URI
- can't be longer than 5, a port being 16b value
- reported by Kevin Wojtysiak
---
parser/parse_uri.c |    8 ++++++++
 1 files changed, 8 insertions(+), 0 deletions(-)

diff --git a/parser/parse_uri.c b/parser/parse_uri.c
index e2e16f6..84f35c6 100644
--- a/parser/parse_uri.c
+++ b/parser/parse_uri.c
@@ -1222,6 +1222,10 @@ int parse_uri(char* buf, int len, struct sip_uri* uri)
    		goto error_bad_uri;
    		break; /* do nothing, avoids a compilation warning */
    }
+
+	if(uri->port.len>5)
+		goto error_invalid_port;
+
 #ifdef EXTRA_DEBUG
    /* do stuff */
    DBG("parsed uri:\n type=%d user=<%.*s>(%d)\n passwd=<%.*s>(%d)\n"
@@ -1285,6 +1289,10 @@ error_bad_port:
    	*p, state, (int)(p-buf), ZSW(buf), (int)(p-buf),
    	len, ZSW(buf), len);
    goto error_exit;
+error_invalid_port:
+	DBG("parse_uri: bad port in uri: [%.*s] in <%.*s>\n",
+			uri->port.len, uri->port.s, len, ZSW(buf));
+	goto error_exit;
 error_bad_uri:
    DBG("parse_uri: bad uri,  state %d"
    	" parsed: <%.*s> (%d) / <%.*s> (%d)\n",

    