[SR-Dev] content length
Andrei Pelinescu-Onciul
andrei at iptel.org
Mon Mar 30 16:24:31 CEST 2009
On Mar 30, 2009 at 16:06, Daniel-Constantin Mierla <miconda at gmail.com> wrote:
> Hello,
>
> the data lumps system is critically affected if content-length is wrong
> for UDP. The anchor_lump() calls abort() in the case content-length is
> higher than actually body length.
It's true that anchor_lump() calls abort if the offset passed to it is
outside the message, but I don't see where anchor_lump() is called with
a value depending on Content-Length (at least in sip-router and ser).
> This can be prevented by called sanity
> module to check the content length, however, I consider being too
> drastic to have abort in such case, it would be better to return an
> error and let the sip router process other messages. Opinions?
>
> Checking sip-router sources, it faces same issue.
>
> Another option would be to correct the C-L value locally, but the right
> one is that phone vendor fixes its side.
It's fixed automatically in sip-router, if the destination protocol is
tcp or tls.
Andrei
More information about the sr-dev
mailing list