[Kamailio-Devel] [SR-Dev] content length

Klaus Darilion klaus.mailinglists at pernau.at
Tue Mar 31 12:18:06 CEST 2009 


Andrei Pelinescu-Onciul schrieb:
> On Mar 31, 2009 at 10:57, Klaus Darilion <klaus.mailinglists at pernau.at> wrote:
>>
>> Andrei Pelinescu-Onciul schrieb:
>>> On Mar 30, 2009 at 16:06, Daniel-Constantin Mierla <miconda at gmail.com> 
>>> wrote:
>>>> Hello,
>>>>
>>>> the data lumps system is critically affected if content-length is wrong 
>>>> for UDP. The anchor_lump() calls abort() in the case content-length is 
>>>> higher than actually body length.
>>> It's true that anchor_lump() calls abort if the offset passed to it is
>>> outside the message, but I don't see where anchor_lump() is called with
>>> a value depending on Content-Length (at least in sip-router and ser).
>>>
>>>> This can be prevented by called sanity 
>>>> module to check the content length, however, I consider being too 
>>>> drastic to have abort in such case, it would be better to return an 
>>>> error and let the sip router process other messages. Opinions?
>>>>
>>>> Checking sip-router sources, it faces same issue.
>>>>
>>>> Another option would be to correct the C-L value locally, but the right 
>>>> one is that phone vendor fixes its side.
>>> It's fixed automatically in sip-router, if the destination protocol is
>>> tcp or tls.
>> How can this be fixed automatically? How will the proxy know when then 
>> body ends and the next message starts?
> 
> If the destination is tcp or tls, but the source is not (source is udp
> or sctp).
> One more clarification: it does not the fix the value of the content
> length visible from sr, it will fix the Content-Length header in the
> forwarded message.

Ups. I have overseen the word "destination", sorry.

> 
>> regards
>> klaus
>>
>> PS: IMO the server should respond with "400 wrong content length" if 
>> accessing of the body is required and the length is wrong
> 
> Why would anyone use content-length for accessing the body in the first
> place? You always know (in sr/ser/k) where the message ends
> (msg->buf+msg->len) and where the body starts (get_body(msg)).

hmmm.

If input protocol is stream oriented, I guess the body-len is always 
correct, as SR has to use the content-length header to get the body.

When using UDP the question is: What should be used as body boundary - 
from CRLFCRLF to end of datagram or from CRLFCRLF "content-length" 
bytes? In any case, if SR detects a problem that those 2 methods return 
different result IMO rejecting with 400 is best.

klaus
Stream oriented
> 
> 
> Andrei

More information about the Devel mailing list