From 15f8b9b8bfe340441950a67b16b3b5b74cc7d15e Mon Sep 17 00:00:00 2001
From: Sean Bright <sean.bright@gmail.com>
Date: Sun, 31 Dec 2017 11:26:54 -0500
Subject: [PATCH] ice: Increase foundation buffer size
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Per RFC 5245, the foundation specified with an ICE candidate can be up
to 32 characters but we are only allowing for 31.

ASTERISK-27498 #close
Reported by: Michele Prà

Change-Id: I05ce7a5952721a76a2b4c90366168022558dc7cf
---
 channels/chan_sip.c     | 4 ++--
 main/sdp_state.c        | 4 ++--
 res/res_pjsip_sdp_rtp.c | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index ed94948a40..e204f00539 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -11343,7 +11343,7 @@ static int process_sdp_a_ice(const char *a, struct sip_pvt *p, struct ast_rtp_in
 {
 	struct ast_rtp_engine_ice *ice;
 	int found = FALSE;
-	char ufrag[256], pwd[256], foundation[32], transport[4], address[46], cand_type[6], relay_address[46] = "";
+	char ufrag[256], pwd[256], foundation[33], transport[4], address[46], cand_type[6], relay_address[46] = "";
 	struct ast_rtp_engine_ice_candidate candidate = { 0, };
 	unsigned int port, relay_port = 0;
 
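Review bot: The new size `foundation[33]` on the declaration line is tied to the `%32s` width in the sscanf() call changed in the next hunk, and nothing in the code records that the two literals must move together. If one is edited without the other, the scan can write past the end of this stack buffer with data taken from the remote SDP. I would add a comment above the declaration, `/* foundation: up to 32 chars per RFC 5245, plus NUL; the %32s width in the sscanf() below must stay one less than this size */`. The same pair of literals is changed by hand in update_ice() in main/sdp_state.c and in process_ice_attributes() in res/res_pjsip_sdp_rtp.c, so a single named constant for the limit would be worth considering. process_sdp_a_ice() continues outside this hunk.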
@@ -11357,7 +11357,7 @@ static int process_sdp_a_ice(const char *a, struct sip_pvt *p, struct ast_rtp_in
 	} else if (sscanf(a, "ice-pwd: %255s", pwd) == 1) {
 		ice->set_authentication(instance, NULL, pwd);
 		found = TRUE;
-	} else if (sscanf(a, "candidate: %31s %30u %3s %30u %23s %30u typ %5s %*s %23s %*s %30u", foundation, &candidate.id, transport, (unsigned *)&candidate.priority,
+	} else if (sscanf(a, "candidate: %32s %30u %3s %30u %23s %30u typ %5s %*s %23s %*s %30u", foundation, &candidate.id, transport, (unsigned *)&candidate.priority,
 			  address, &port, cand_type, relay_address, &relay_port) >= 7) {
 
 		if (rtcp_mux_offered && ast_test_flag(&p->flags[2], SIP_PAGE3_RTCP_MUX) && candidate.id > 1) {
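Review bot: The `%23s` width used for `address` in the widened sscanf() format is not derived from the buffer: `address` and `relay_address` are declared as 46-byte arrays in the previous hunk, while the same conversion in main/sdp_state.c and res/res_pjsip_sdp_rtp.c uses `%46s` for the address. An IPv6 literal longer than 23 characters is cut at the width and the remainder is handed to the following `%30u`, so such a candidate does not parse as it was sent. If the intent is to accept any address that fits the buffer, both conversions would become `%45s`, which still leaves room for the terminator. The relay-address conversion is `%23s` in the other two files as well, where res_pjsip_sdp_rtp.c declares that buffer as `PJ_INET6_ADDRSTRLEN + 1` bytes. The body of this branch continues outside the hunk.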
diff --git a/main/sdp_state.c b/main/sdp_state.c
index bccde612ac..5f9ad5eb93 100644
--- a/main/sdp_state.c
+++ b/main/sdp_state.c
@@ -2171,7 +2171,7 @@ static void update_ice(const struct ast_sdp_state *state, struct ast_rtp_instanc
 
 	/* Find all of the candidates */
 	for (attr_i = 0; attr_i < ast_sdp_m_get_a_count(remote_m_line); ++attr_i) {
-		char foundation[32];
+		char foundation[33];
 		char transport[32];
 		char address[INET6_ADDRSTRLEN + 1];
 		char cand_type[6];
@@ -2187,7 +2187,7 @@ static void update_ice(const struct ast_sdp_state *state, struct ast_rtp_instanc
 			continue;
 		}
 
-		if (sscanf(attr->value, "%31s %30u %31s %30u %46s %30u typ %5s %*s %23s %*s %30u",
+		if (sscanf(attr->value, "%32s %30u %31s %30u %46s %30u typ %5s %*s %23s %*s %30u",
 			foundation, &candidate.id, transport, (unsigned *)&candidate.priority, address,
 			&port, cand_type, relay_address, &relay_port) < 7) {
 			/* Candidate did not parse properly */
diff --git a/res/res_pjsip_sdp_rtp.c b/res/res_pjsip_sdp_rtp.c
index 854ed14591..9e04119032 100644
--- a/res/res_pjsip_sdp_rtp.c
+++ b/res/res_pjsip_sdp_rtp.c
@@ -627,7 +627,7 @@ static void process_ice_attributes(struct ast_sip_session *session, struct ast_s
 
 	/* Find all of the candidates */
 	for (attr_i = 0; attr_i < remote_stream->attr_count; ++attr_i) {
-		char foundation[32], transport[32], address[PJ_INET6_ADDRSTRLEN + 1], cand_type[6], relay_address[PJ_INET6_ADDRSTRLEN + 1] = "";
+		char foundation[33], transport[32], address[PJ_INET6_ADDRSTRLEN + 1], cand_type[6], relay_address[PJ_INET6_ADDRSTRLEN + 1] = "";
 		unsigned int port, relay_port = 0;
 		struct ast_rtp_engine_ice_candidate candidate = { 0, };
 
@@ -640,7 +640,7 @@ static void process_ice_attributes(struct ast_sip_session *session, struct ast_s
 
 		ast_copy_pj_str(attr_value, (pj_str_t*)&attr->value, sizeof(attr_value));
 
-		if (sscanf(attr_value, "%31s %30u %31s %30u %46s %30u typ %5s %*s %23s %*s %30u", foundation, &candidate.id, transport,
+		if (sscanf(attr_value, "%32s %30u %31s %30u %46s %30u typ %5s %*s %23s %*s %30u", foundation, &candidate.id, transport,
 			(unsigned *)&candidate.priority, address, &port, cand_type, relay_address, &relay_port) < 7) {
 			/* Candidate did not parse properly */
 			continue;
-- 
GitLab