Fix a possible infinite loop in SDP parsing during glare situation.

There was a while loop in get_ip_and_port_from_sdp which was controlled
by a call to get_sdp_iterate. The loop would exit either if what we were
searching for was found or if the return was NULL. The problem is that
get_sdp_iterate never returns NULL. This means that if what we were searching
for was not present, the loop would run infinitely. This modification of the
loop fixes the problem.

(closes issue #15213)
Reported by: schmidts

(closes issue #15349)
Reported by: samy

(closes issue #14464)
Reported by: pj

(closes issue #15345)
Reported by: aragon
Patches:
      sip_inf_loop.patch uploaded by mmichelson (license 60)
Tested by: aragon

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@202336 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index 156f3e7873a05d267d9de21e0d8bd25b3bf3c850..0483a592d3c2fdae0f292ed854b103f0cd0a3773 100644 (file)
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -5147,7 +5147,7 @@ static int get_ip_and_port_from_sdp(struct sip_request *req, const enum media_ty
                /* Continue since there may be a valid host in a c= line specific to the audio stream */
        }
        /* We only want the m and c lines for audio */
-       while ((m = get_sdp_iterate(&miterator, req, "m"))) {
+       for (m = get_sdp_iterate(&miterator, req, "m"); !ast_strlen_zero(m); m = get_sdp_iterate(&miterator, req, "m")) {
                if ((media == SDP_AUDIO && ((sscanf(m, "audio %d/%d RTP/AVP %n", &x, &numberofports, &len) == 2 && len > 0) ||
                    (sscanf(m, "audio %d RTP/AVP %n", &x, &len) == 1 && len > 0))) ||
                        (media == SDP_VIDEO && ((sscanf(m, "video %d/%d RTP/AVP %n", &x, &numberofports, &len) == 2 && len > 0) ||