[sr-dev] git:master:bd528072: core: parser sdp - check if delimiter exceeds body limit
Daniel-Constantin Mierla
miconda at gmail.com
Thu Dec 16 10:02:45 CET 2021
Module: kamailio
Branch: master
Commit: bd5280726a9842b257afabae548853d000ecd249
URL: https://github.com/kamailio/kamailio/commit/bd5280726a9842b257afabae548853d000ecd249
Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2021-12-16T10:01:34+01:00
core: parser sdp - check if delimiter exceeds body limit
---
Modified: src/core/parser/sdp/sdp.c
---
Diff: https://github.com/kamailio/kamailio/commit/bd5280726a9842b257afabae548853d000ecd249.diff
Patch: https://github.com/kamailio/kamailio/commit/bd5280726a9842b257afabae548853d000ecd249.patch
---
diff --git a/src/core/parser/sdp/sdp.c b/src/core/parser/sdp/sdp.c
index 14779e4d12..c3c94c37da 100644
--- a/src/core/parser/sdp/sdp.c
+++ b/src/core/parser/sdp/sdp.c
@@ -645,12 +645,16 @@ static int parse_mixed_content(str *mixed_body, str delimiter, sdp_info_t* _sdp)
d1p = d2p;
if (d1p == NULL || d1p >= bodylimit)
break; /* No applications left */
+ if(d1p + delimiter.len + 2 > bodylimit) {
+ LM_ERR("failed parsing [%.*s]\n", mixed_body->len, mixed_body->s);
+ return -1;
+ }
d2p = find_next_sdp_line_delimiter(d1p, bodylimit, delimiter, bodylimit);
/* d2p is text limit for application parsing */
- memset(&hf,0, sizeof(struct hdr_field));
+ memset(&hf, 0, sizeof(struct hdr_field));
rest = eat_line(d1p + delimiter.len + 2, d2p - d1p - delimiter.len - 2);
if ( rest > d2p ) {
- LM_ERR("Unparsable <%.*s>\n", (int)(d2p-d1p), d1p);
+ LM_ERR("unparsable [%.*s]\n", (int)(d2p-d1p), d1p);
return -1;
}
no_eoh_found = 1;
More information about the sr-dev
mailing list