[Devel] [Fwd: [Serdev] CVS:commitlog: sip_router/modules/usrloc
ucontact.c]
Mike Williams
mwilliams at etc1.net
Mon Jan 23 23:41:13 CET 2006
On Monday 23 January 2006 10:35, Klaus Darilion wrote:
I just tested it, and here's what I pulled out of the sip_from column in the
database:
"1111111111222222222211111111112222222222111111111122222222221111111111222222222211111111112222222222111111111122222222221111111
I had used 10 1's and 10 2's up to 1000 characters. Looks like acc just
truncates it. My PSTN gateway won't even pass the call though. SIP to SIP
works.
---Mike
> Bogdan-Andrei Iancu wrote:
> > Hi Klaus,
> >
> > the idea is good, but personally I do not agree with the implementation
> > - to be more precise I do not agree with the idea of keeping in DB
> > truncated values for important values like callid and contact - lead to
> > inconsistent data. As for UA name (which is just as info), the
> > truncating approach make sense, for callid and contact I will suggest
> > rejecting the REGISTER requests with too long values - looks more
> > healthier to me.
>
> You are right. BTW: Has someone ever tried how the acc module deals with
> too long string (e.g. a From header with a display name with 1000
> characters)? Are they accounted?
>
> regards
> klaus
>
> > regards,
> > bogdan
> >
> > Klaus Darilion wrote:
> >> I think this update is also interesting for openser
> >>
> >> regards
> >> klaus
> >>
> >> -------- Original Message --------
> >> Subject: [Serdev] CVS:commitlog: sip_router/modules/usrloc ucontact.c
> >> Date: Fri, 20 Jan 2006 19:27:43 +0100
> >> From: Maxim Sobolev <sobomax at portaone.com>
> >> To: serdev at iptel.org
> >>
> >> sobomax 2006/01/20 19:27:43 CET
> >>
> >> SER CVS Repository
> >>
> >> Modified files:
> >> modules/usrloc ucontact.c
> >> Log:
> >> When inserting/updating contacts in the DB make sure to not overflow
> >> column
> >> limit for user_agent, contact and callid columns. Otherwise the UA
> >> can cause
> >> DoS by sending (intentionally or not) value exceeding column limit in
> >> any of the corresponding header fields. It is also probably an issue
> >> with
> >> error-handling (or lack of thereof) in particular DB backends, but on
> >> 0.9.3 with postgresql backend such unchecked insert causes segfault.
> >>
> >> Revision Changes Path
> >> 1.45 +13 -8 sip_router/modules/usrloc/ucontact.c
> >> http://cvs.berlios.de/cgi-bin/viewcvs.cgi/ser/sip_router/modules/usrloc/
> >>ucontact.c.diff?r1=1.44&r2=1.45
> >>
> >>
> >> _______________________________________________
> >> Serdev mailing list
> >> Serdev at iptel.org
> >> http://mail.iptel.org/mailman/listinfo/serdev
> >>
> >>
> >>
> >> _______________________________________________
> >> Devel mailing list
> >> Devel at openser.org
> >> http://openser.org/cgi-bin/mailman/listinfo/devel
>
> _______________________________________________
> Devel mailing list
> Devel at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/devel
More information about the Devel
mailing list