[Serusers] overflowing Expire values

Hendrik Scholz hendrik.scholz at freenet-ag.de
Wed Aug 31 14:50:01 CEST 2005


Hi!

I gave 3.1.2.4 of draft-ietf-sipping-torture-tests-07 a try and
sent

- a REGISTER with Expires > 2^31 and lower than 2^32
  (2147483748 in my case).
- a REGISTER with Expires > 2^32
  (4294967596 = 2^32 + 300)

I used print_expires() to print the resulting values SER (0.9.3 +
changes) parsed.

It's a negative value in the first case and 300 in the latter one.
parser/parse_expires.h defines exp_body_t to have 'int val' which
is not enough to store the parsed values.

Changing it to 'unsigned int val' prevents the negative values from
coming up in SER but does not solve the main problem.
The draft states that a default value of 3600 seconds should be
assumed in case of errors, so an additional check to make sure
_e->val will always be below 2^32 is necessary.

I do have a small patch for our non-standard branch and could wrap
one up for HEAD if needed.

Hendrik

-- 
freenet Cityline GmbH, Hamburger Chaussee 2-4, 24114 Kiel, Germany
Phone: +49 (0)431 9020552, Fax: +49 (0)431 9020559
Internet: http://www.freenet.de, eMail: hendrik.scholz at freenet-ag.de
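
The wrap-around reported above and an overflow-checked parse with the 3600-second fallback, as an added example that is not SER's code or the poster's patch. The names naive_expires, checked_expires and EXPIRES_DEFAULT are hypothetical, and the unchecked loop is an assumed stand-in for a parser that accumulates digits without a range check.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define EXPIRES_DEFAULT 3600u /* fallback on error, as the post cites from the draft */

/* Unchecked accumulation (assumed stand-in): silently wraps modulo 2^32. */
static uint32_t naive_expires(const char *s, size_t len)
{
    uint32_t val = 0;
    for (size_t i = 0; i < len && s[i] >= '0' && s[i] <= '9'; i++)
        val = val * 10u + (uint32_t)(s[i] - '0');
    return val;
}

/* Checked parse: returns 0 and stores the value, or returns -1 and stores
 * EXPIRES_DEFAULT when the body is empty, non-numeric or not below 2^32. */
static int checked_expires(const char *s, size_t len, uint32_t *out)
{
    uint32_t val = 0;
    *out = EXPIRES_DEFAULT;
    if (len == 0)
        return -1;
    for (size_t i = 0; i < len; i++) {
        if (s[i] < '0' || s[i] > '9')
            return -1;
        uint32_t d = (uint32_t)(s[i] - '0');
        if (val > (UINT32_MAX - d) / 10u) /* val * 10 + d would exceed 2^32 - 1 */
            return -1;
        val = val * 10u + d;
    }
    *out = val;
    return 0;
}

int main(void)
{
    /* Constructed input list; the two large values are the ones from the post. */
    const char *samples[] = { "300", "2147483748", "4294967596" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t v, n = naive_expires(samples[i], strlen(samples[i]));
        int rc = checked_expires(samples[i], strlen(samples[i]), &v);
        /* The int cast mimics 'int val'; its result is implementation-defined. */
        printf("%-10s naive=%u as_int=%d checked=%u rc=%d\n",
               samples[i], (unsigned)n, (int)n, (unsigned)v, rc);
    }
    return 0;
}
```

A value that fits in 32 unsigned bits, such as 2147483748, is accepted by the checked parse; whether the registrar should additionally cap it is a policy decision outside this sketch.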



