Skip to content
Snippets Groups Projects
Select Git revision
  • asterisk_rdkb
  • 16916_rdkb_merge
  • lk_disable_registrar
  • lk_forked_183
  • wenpeng-100rel-ippbx
  • fix_multiple_dns_lookup
  • dev_fxs_no_wb
  • fix_fallback
  • 14666_fxs_no_wideband_codec
  • fix_srv_records
  • wenpeng-registration-test
  • fix_deadlock_in_bridge_peer_functions
  • devel default protected
  • securesip_pjproject_part1
  • PJ_Example_Review
  • fix_internal_calls_auth
  • fix_internal_calls
  • Secure_SIPtelephony_part1
  • SIPtelephony_DECT_syslog
  • syslog_develop_phase1
  • 22.0.0-pre1
  • 21.4.2
  • 20.9.2
  • 18.24.2
  • certified-20.7-cert2
  • certified-18.9-cert11
  • 21.4.1
  • 20.9.1
  • 18.24.1
  • 21.4.0
  • 20.9.0
  • 18.24.0
  • certified-20.7-cert1
  • certified-18.9-cert10
  • 21.4.0-rc1
  • 20.9.0-rc1
  • 18.24.0-rc1
  • 21.3.1
  • 20.8.1
  • 18.23.1
40 results
Blame Permalink
  • George Joseph's avatar
    a1f21934
    AST-2017-009: pjproject: Add validation of numeric header values · a1f21934
    George Joseph authored 
    Parsing the numeric header fields like cseq, ttl, port, etc. all
had the potential to overflow, either causing unintended values to
be captured or, if the values were subsequently converted back to
strings, a buffer overrun.  To address this, new "strto" functions
have been created that do range checking and those functions are
used wherever possible in the parser.

 * Created pjlib/include/limits.h and pjlib/include/compat/limits.h
   to either include the system limits.h or define common numeric
   limits if there is no system limits.h.

 * Created strto*_validate functions in sip_parser that take bounds
   and on failure call the on_str_parse_error function which prints
   an error message and calls PJ_THROW.

 * Updated sip_parser to validate the numeric fields.

 * Fixed an issue in sip_transport that prevented error messages
   from being properly displayed.

 * Added "volatile" to some variables referenced in PJ_CATCH blocks
   as the optimizer was sometimes optimizing them away.

 * Fixed length calculation in sip_transaction/create_tsx_key_2543
   to account for signed ints being 11 characters, not 9.

ASTERISK-27319
Reported by: Youngsung Kim at LINE Corporation

Change-Id: I48de2e4ccf196990906304e8d7061f4ffdd772ff
    a1f21934
    History
    AST-2017-009: pjproject: Add validation of numeric header values
    George Joseph authored 
    Parsing the numeric header fields like cseq, ttl, port, etc. all
had the potential to overflow, either causing unintended values to
be captured or, if the values were subsequently converted back to
strings, a buffer overrun.  To address this, new "strto" functions
have been created that do range checking and those functions are
used wherever possible in the parser.

 * Created pjlib/include/limits.h and pjlib/include/compat/limits.h
   to either include the system limits.h or define common numeric
   limits if there is no system limits.h.

 * Created strto*_validate functions in sip_parser that take bounds
   and on failure call the on_str_parse_error function which prints
   an error message and calls PJ_THROW.

 * Updated sip_parser to validate the numeric fields.

 * Fixed an issue in sip_transport that prevented error messages
   from being properly displayed.

 * Added "volatile" to some variables referenced in PJ_CATCH blocks
   as the optimizer was sometimes optimizing them away.

 * Fixed length calculation in sip_transaction/create_tsx_key_2543
   to account for signed ints being 11 characters, not 9.

ASTERISK-27319
Reported by: Youngsung Kim at LINE Corporation

Change-Id: I48de2e4ccf196990906304e8d7061f4ffdd772ff
0020-sip_parser-Add-validity-checking-for-numeric-header-.patch 30.94 KiB