[asterisk-bugs] [JIRA] (ASTERISK-20837) [patch] build_route fails to parse Record-Route headers longer than 255 characters

Corey Farrell (JIRA) noreply at issues.asterisk.org
Mon Dec 24 20:17:45 CST 2012 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-20837?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=200968#comment-200968 ] 

Corey Farrell commented on ASTERISK-20837:
------------------------------------------

ast_str uses realloc, which has the ability to simply expand an allocation.  But in other cases realloc() has to allocate new memory, copy the existing buffer, then free the existing buffer.

Not sure if ast_str would be faster, slower or equal to just having malloc/free for each header.  Probably depends on exactly how realloc is implemented and if it's able to expand an existing allocation instead of copying to a new one.

For optimizing this I think that zero-copy replacements for strsep and get_in_brackets seems like the way to go.  strchr could serve as a replacement for strsep, I haven't gotten a chance to look at get_in_brackets yet.  This would make it so the only copy performed would be directly to thishop->hop.
                
> [patch] build_route fails to parse Record-Route headers longer than 255 characters
> ----------------------------------------------------------------------------------
>
>                 Key: ASTERISK-20837
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-20837
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/Interoperability
>    Affects Versions: 1.8.19.0
>            Reporter: Corey Farrell
>            Severity: Critical
>         Attachments: asterisk-large-rr-header.patch
>
>
> build_route copies each Record-Route header to char rr_copy\[256\].  When the header is longer than this it cuts parts off.  This causes the header to be parsed wrong and the call fails to connect.
> This issue was found when connecting with the SIP core of a large organization.  The SIP core provides a single Record-Route header with comma separated values.  My patch malloc's rr_copy to the exact length required for each header, freeing after each is processed.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the asterisk-bugs mailing list