[sr-dev] [ openser-Bugs-2818273 ] crash when Content-length too big

SourceForge.net noreply at sourceforge.net
Wed Jul 8 01:28:35 CEST 2009


Bugs item #2818273, was opened at 2009-07-07 23:28
Message generated for change (Tracker Item Submitted) made by nobody
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=2818273&group_id=139143

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: ver 1.5.x
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: crash when Content-length too big

Initial Comment:
Recently we encountered some crashes of kamailio 1.5.0 caused by messages with too big value of Content-length (more than 30000). When the parser in nathelper.c looks for old and new port it sometimes finds occurences after the real end of the message. Then the sanity check in del_lump() in data_lump.c finds that either offset or offset+len is greater than msg->len and calls abort().

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=2818273&group_id=139143



More information about the sr-dev mailing list