Merge pull request #1444 in SNORT/snort3 from ~PSHINDE2/snort3:sip_buffer_overflow...

Squashed commit of the following:

commit 8ff1664addda5eb674ed2cf6db492d3f19feea56
Author: Pratik Shinde <pshinde2@cisco.com>
Date:   Tue Nov 27 16:48:39 2018 -0500

    sip: Added sanity check for buffer boundary while parsing a sip message

diff --git a/src/service_inspectors/sip/sip_parser.cc b/src/service_inspectors/sip/sip_parser.cc
index e78b93aefca476ac59aa25480501b22081745d53..1557f2811f95279586ecc0cd0786b4c3b7eb6e12 100644 (file)
--- a/src/service_inspectors/sip/sip_parser.cc
+++ b/src/service_inspectors/sip/sip_parser.cc
@@ -1184,14 +1184,17 @@ bool sip_parse(SIPMsg* msg, const char* buff, const char* end, SIP_PROTO_CONF* c
     start = nextIndex;
     uint16_t bodyLen = end - start;
 
-    /*Disable this check for TCP. Revisit this again when PAF enabled for SIP*/
     if ((!msg->isTcp)&&(msg->content_len > bodyLen))
         DetectionEngine::queue_event(GID_SIP, SIP_EVENT_MISMATCH_CONTENT_LEN);
 
-    bool status = sip_body_parse(msg, start, start + msg->content_len, &nextIndex);
+    bool status;
+
+    if(msg->content_len <= bodyLen)
+        status = sip_body_parse(msg, start, start + msg->content_len, &nextIndex);
+    else
+        status = sip_body_parse(msg, start, end, &nextIndex);
 
     // Find out whether multiple SIP messages in this packet
-    /*Disable this check for TCP. Revisit this again when PAF enabled for SIP*/
     if ((!msg->isTcp) && (msg->content_len < bodyLen))
     {
         if ( sip_startline_parse(msg, start + msg->content_len, end, &nextIndex, config) )