AST-2017-009: pjproject: Add validation of numeric header values
Parsing the numeric header fields like cseq, ttl, port, etc. all
had the potential to overflow, either causing unintended values to
be captured or, if the values were subsequently converted back to
strings, a buffer overrun. To address this, new "strto" functions
have been created that do range checking and those functions are
used wherever possible in the parser.
* Created pjlib/include/limits.h and pjlib/include/compat/limits.h
to either include the system limits.h or define common numeric
limits if there is no system limits.h.
* Created strto*_validate functions in sip_parser that take bounds
and on failure call the on_str_parse_error function which prints
an error message and calls PJ_THROW.
* Updated sip_parser to validate the numeric fields.
* Fixed an issue in sip_transport that prevented error messages
from being properly displayed.
* Added "volatile" to some variables referenced in PJ_CATCH blocks
as the optimizer was sometimes optimizing them away.
* Fixed length calculation in sip_transaction/create_tsx_key_2543
to account for signed ints being 11 characters, not 9.
ASTERISK-27319
Reported by: Youngsung Kim at LINE Corporation
projects / thirdparty / asterisk.git / commit
