From: Mark Michelson Date: Mon, 22 Jun 2009 14:34:05 +0000 (+0000) Subject: Fix a possible infinite loop in SDP parsing during glare situation. X-Git-Tag: 1.4.26-rc4~11 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1f7d3e9a0103341cce2642e338912155b293c267;p=thirdparty%2Fasterisk.git Fix a possible infinite loop in SDP parsing during glare situation. There was a while loop in get_ip_and_port_from_sdp which was controlled by a call to get_sdp_iterate. The loop would exit either if what we were searching for was found or if the return was NULL. The problem is that get_sdp_iterate never returns NULL. This means that if what we were searching for was not present, the loop would run infinitely. This modification of the loop fixes the problem. (closes issue #15213) Reported by: schmidts (closes issue #15349) Reported by: samy (closes issue #14464) Reported by: pj (closes issue #15345) Reported by: aragon Patches: sip_inf_loop.patch uploaded by mmichelson (license 60) Tested by: aragon git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@202336 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- diff --git a/channels/chan_sip.c b/channels/chan_sip.c index 156f3e7873..0483a592d3 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -5147,7 +5147,7 @@ static int get_ip_and_port_from_sdp(struct sip_request *req, const enum media_ty /* Continue since there may be a valid host in a c= line specific to the audio stream */ } /* We only want the m and c lines for audio */ - while ((m = get_sdp_iterate(&miterator, req, "m"))) { + for (m = get_sdp_iterate(&miterator, req, "m"); !ast_strlen_zero(m); m = get_sdp_iterate(&miterator, req, "m")) { if ((media == SDP_AUDIO && ((sscanf(m, "audio %d/%d RTP/AVP %n", &x, &numberofports, &len) == 2 && len > 0) || (sscanf(m, "audio %d RTP/AVP %n", &x, &len) == 1 && len > 0))) || (media == SDP_VIDEO && ((sscanf(m, "video %d/%d RTP/AVP %n", &x, &numberofports, &len) == 2 && len > 0) ||