if we receive an INVITE with a Content-Length that is not a valid number, or is zero...

closes issue #11475
Reported by: andrebarbosa

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@108086 65c4cc65-6c06-0410-ace0-fbb531ad65f3

diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index 113fe951854b4a60b38431a3df8d322d80cc77fa..cf8a78e949398a288430d2c09f5a380f24f8548e 100644 (file)
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -4856,6 +4856,7 @@ static void parse_request(struct sip_request *req)
 static int find_sdp(struct sip_request *req)
 {
        const char *content_type;
+       const char *content_length;
        const char *search;
        char *boundary;
        unsigned int x;
@@ -4863,6 +4864,20 @@ static int find_sdp(struct sip_request *req)
        int found_application_sdp = FALSE;
        int found_end_of_headers = FALSE;
 
+       content_length = get_header(req, "Content-Length");
+
+       if (!ast_strlen_zero(content_length)) {
+               if (sscanf(content_length, "%ud", &x) != 1) {
+                       ast_log(LOG_WARNING, "Invalid Content-Length: %s\n", content_length);
+                       return 0;
+               }
+
+               /* Content-Length of zero means there can't possibly be an
+                  SDP here, even if the Content-Type says there is */
+               if (x == 0)
+                       return 0;
+       }
+
        content_type = get_header(req, "Content-Type");
 
        /* if the body contains only SDP, this is easy */