[Kamailio-Devel] [SR-Dev] content length
Daniel-Constantin Mierla
miconda at gmail.com
Mon Mar 30 20:48:46 CEST 2009
On 03/30/2009 06:27 PM, Juha Heinanen wrote:
> Andrei Pelinescu-Onciul writes:
>
> > It's not a bug in the UA, it's a bug in the proxy code that uses a
> > Content-Length received from the network without checking if it's
> > valid.
>
> if that is the case, then i agree with you. proxy code should not do
> such thing and if it does t is clearly a bug in the proxy code. i
> wonder in how many places k currently trusts content-length.
>
This trust of content-length needs be fixed I agree. However it looks to
me too radical to call abort() on purpose. A developer can fix that
quickly, but users having deployed the sip router cannot coper properly
with. Like in buffer overflow cases, the code detects the case and
returns error, does not call abort(). I see this being similar. I would
avoid abort() on purpose anywhere at runtime, but write error messages,
avoid crash and keep running.
Cheers,
Daniel
--
Daniel-Constantin Mierla
SIP Router Masterclass - Kamailio (OpenSER) Training
http://www.asipto.com/index.php/sip-router-masterclass/
More information about the Devel
mailing list