[Devel] [Fwd: [Serdev] CVS:commitlog: sip_router/modules/usrloc ucontact.c]
Bogdan-Andrei Iancu
bogdan at voice-system.ro
Mon Jan 23 11:54:29 CET 2006
Hi Klaus,

the idea is good, but personally I do not agree with the implementation
- to be more precise, I do not agree with the idea of keeping in the DB
truncated values for important values like callid and contact - it leads
to inconsistent data. As for the UA name (which is just for info), the
truncating approach makes sense; for callid and contact I will suggest
rejecting the REGISTER requests with too long values - looks healthier
to me.

regards,
bogdan

Klaus Darilion wrote:
> I think this update is also interesting for openser
>
> regards
> klaus
>
> -------- Original Message --------
> Subject: [Serdev] CVS:commitlog: sip_router/modules/usrloc ucontact.c
> Date: Fri, 20 Jan 2006 19:27:43 +0100
> From: Maxim Sobolev <sobomax at portaone.com>
> To: serdev at iptel.org
>
> sobomax 2006/01/20 19:27:43 CET
>
> SER CVS Repository
>
> Modified files:
> modules/usrloc ucontact.c
> Log:
> When inserting/updating contacts in the DB make sure to not overflow column
> limit for user_agent, contact and callid columns. Otherwise the UA can cause
> DoS by sending (intentionally or not) value exceeding column limit in
> any of the corresponding header fields. It is also probably an issue with
> error-handling (or lack thereof) in particular DB backends, but on
> 0.9.3 with postgresql backend such unchecked insert causes segfault.
>
> Revision Changes Path
> 1.45 +13 -8 sip_router/modules/usrloc/ucontact.c
> http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/modules/usrloc/ucontact.c.diff?r1=1.44&r2=1.45
>
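
The rejection policy suggested in the reply above, next to the collision that truncating a Call-ID would produce, as an added example that is not code from SER, OpenSER or the commit under discussion. The column widths and the names `check_binding` and `truncation_collides` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed column widths for illustration; the real limits come from the
 * location table schema in use and are not given in this thread. */
#define CALLID_COL_MAX   16
#define CONTACT_COL_MAX  32
#define UA_COL_MAX       12

enum reg_check { REG_OK = 0, REG_CALLID_TOO_LONG, REG_CONTACT_TOO_LONG };

/* Hypothetical helper: validate one REGISTER binding before it reaches the
 * DB layer. callid and contact identify the binding, so an oversized value
 * is refused; user_agent is informational, so it is copied into ua_out
 * truncated to the column width. Lengths are passed explicitly. */
enum reg_check check_binding(const char *callid, size_t callid_len,
                             const char *contact, size_t contact_len,
                             const char *ua, size_t ua_len,
                             char ua_out[UA_COL_MAX + 1])
{
    (void)callid; (void)contact;   /* only the lengths decide here */
    if (callid_len > CALLID_COL_MAX)
        return REG_CALLID_TOO_LONG;
    if (contact_len > CONTACT_COL_MAX)
        return REG_CONTACT_TOO_LONG;
    size_t n = ua_len < UA_COL_MAX ? ua_len : UA_COL_MAX;
    memcpy(ua_out, ua, n);
    ua_out[n] = '\0';
    return REG_OK;
}

/* Returns 1 when two different Call-IDs would be stored as the same value
 * after truncation to the column width (the inconsistency in question). */
int truncation_collides(const char *a, const char *b)
{
    return strcmp(a, b) != 0 && strncmp(a, b, CALLID_COL_MAX) == 0;
}

int main(void)
{
    char ua[UA_COL_MAX + 1];
    const char *cid = "a1b2c3d4@host";                 /* constructed */
    const char *contact = "sip:alice@192.0.2.10:5060"; /* constructed */
    const char *agent = "ExamplePhone/1.2.3";          /* constructed */
    enum reg_check rc = check_binding(cid, strlen(cid), contact,
                                      strlen(contact), agent, strlen(agent), ua);
    printf("rc=%d stored user_agent=\"%s\"\n", rc, ua);
    return 0;
}
```
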