From: Kevin P. Fleming Date: Wed, 12 Mar 2008 19:16:07 +0000 (+0000) Subject: if we receive an INVITE with a Content-Length that is not a valid number, or is zero... X-Git-Tag: 1.4.19-rc3~24 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=988e55c13f264d06cf72bdc0fc474e96d64abe8c;p=thirdparty%2Fasterisk.git if we receive an INVITE with a Content-Length that is not a valid number, or is zero, then don't process the rest of the message body looking for an SDP closes issue #11475 Reported by: andrebarbosa git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@108086 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- diff --git a/channels/chan_sip.c b/channels/chan_sip.c index 113fe95185..cf8a78e949 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -4856,6 +4856,7 @@ static void parse_request(struct sip_request *req) static int find_sdp(struct sip_request *req) { const char *content_type; + const char *content_length; const char *search; char *boundary; unsigned int x; @@ -4863,6 +4864,20 @@ static int find_sdp(struct sip_request *req) int found_application_sdp = FALSE; int found_end_of_headers = FALSE; + content_length = get_header(req, "Content-Length"); + + if (!ast_strlen_zero(content_length)) { + if (sscanf(content_length, "%ud", &x) != 1) { + ast_log(LOG_WARNING, "Invalid Content-Length: %s\n", content_length); + return 0; + } + + /* Content-Length of zero means there can't possibly be an + SDP here, even if the Content-Type says there is */ + if (x == 0) + return 0; + } + content_type = get_header(req, "Content-Type"); /* if the body contains only SDP, this is easy */