[sr-dev] git:4.0: parser: safety check for max port length in URI
Daniel-Constantin Mierla
miconda at gmail.com
Sat Apr 13 15:46:25 CEST 2013
Module: sip-router
Branch: 4.0
Commit: 31f76fc50ec838b301dede678c97676d63355b4b
URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=31f76fc50ec838b301dede678c97676d63355b4b
Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: Tue Apr 9 00:18:35 2013 +0200
parser: safety check for max port length in URI
- can't be longer than 5, a port being 16b value
- reported by Kevin Wojtysiak
(cherry picked from commit 13fd48f89555f5421e8285669e303bcefe44f149)
---
parser/parse_uri.c | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/parser/parse_uri.c b/parser/parse_uri.c
index e2e16f6..84f35c6 100644
--- a/parser/parse_uri.c
+++ b/parser/parse_uri.c
@@ -1222,6 +1222,10 @@ int parse_uri(char* buf, int len, struct sip_uri* uri)
goto error_bad_uri;
break; /* do nothing, avoids a compilation warning */
}
+
+ if(uri->port.len>5)
+ goto error_invalid_port;
+
#ifdef EXTRA_DEBUG
/* do stuff */
DBG("parsed uri:\n type=%d user=<%.*s>(%d)\n passwd=<%.*s>(%d)\n"
@@ -1285,6 +1289,10 @@ error_bad_port:
*p, state, (int)(p-buf), ZSW(buf), (int)(p-buf),
len, ZSW(buf), len);
goto error_exit;
+error_invalid_port:
+ DBG("parse_uri: bad port in uri: [%.*s] in <%.*s>\n",
+ uri->port.len, uri->port.s, len, ZSW(buf));
+ goto error_exit;
error_bad_uri:
DBG("parse_uri: bad uri, state %d"
" parsed: <%.*s> (%d) / <%.*s> (%d)\n",
More information about the sr-dev
mailing list