[Devel] [Fwd: [Serdev] CVS:commitlog: sip_router/modules/usrloc ucontact.c]

Klaus Darilion klaus.mailinglists at pernau.at
Mon Jan 23 16:35:56 CET 2006 

Bogdan-Andrei Iancu wrote:
> Hi Klaus,
> 
> the idea is good, but personally I do not agree with the implementation 
> - to be more precise I do not agree with the idea of keeping in DB 
> truncated values for important values like callid and contact - lead to 
> inconsistent data. As for UA name (which is just as info), the 
> truncating approach make sense, for callid and contact I will suggest 
> rejecting the REGISTER requests with too long values - looks more 
> healthier to me.

You are right. BTW: Has someone ever tried how the acc module deals with 
too long string (e.g. a From header with a display name with 1000 
characters)? Are they accounted?

regards
klaus

> 
> regards,
> bogdan
> 
> Klaus Darilion wrote:
> 
>> I think this update is also interesting for openser
>>
>> regards
>> klaus
>>
>> -------- Original Message --------
>> Subject: [Serdev] CVS:commitlog: sip_router/modules/usrloc ucontact.c
>> Date: Fri, 20 Jan 2006 19:27:43 +0100
>> From: Maxim Sobolev <sobomax at portaone.com>
>> To: serdev at iptel.org
>>
>> sobomax     2006/01/20 19:27:43 CET
>>
>>   SER CVS Repository
>>
>>   Modified files:
>>     modules/usrloc       ucontact.c
>>   Log:
>>   When inserting/updating contacts in the DB make sure to not overflow 
>> column
>>   limit for user_agent, contact and callid columns. Otherwise the UA 
>> can cause
>>   DoS by sending (intentionally or not) value exceeding column limit in
>>   any of the corresponding header fields. It is also probably an issue 
>> with
>>   error-handling (or lack of thereof) in particular DB backends, but on
>>   0.9.3 with postgresql backend such unchecked insert causes segfault.
>>
>>   Revision  Changes    Path
>>   1.45      +13 -8     sip_router/modules/usrloc/ucontact.c
>> http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/modules/usrloc/ucontact.c.diff?r1=1.44&r2=1.45 
>>
>>
>> _______________________________________________
>> Serdev mailing list
>> Serdev at iptel.org
>> http://mail.iptel.org/mailman/listinfo/serdev
>>
>>
>>
>> _______________________________________________
>> Devel mailing list
>> Devel at openser.org
>> http://openser.org/cgi-bin/mailman/listinfo/devel
>>
> 
>

More information about the Devel mailing list