[asterisk-bugs] [JIRA] (ASTERISK-26579) chan_opus: Recursiveness when parsing fmtp line

Jørgen H (JIRA) noreply at issues.asterisk.org
Fri Nov 11 05:42:09 CST 2016 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-26579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=233610#comment-233610 ] 

Jørgen H commented on ASTERISK-26579:
-------------------------------------

I'm not very into asterisk code, but this code is probably fix:


static void sdp_fmtp_get(const char *attributes, const char *name, int *attr)
{
        const char *kvp = attributes;
        int val;

        /*
         * If the named attribute is not at the start of the given attributes, and
         * the preceding character is not a space or semicolon then it's not the
         * attribute we are looking for. It's an attribute with the name embedded
         * within it (e.g. ptime in maxptime, stereo in sprop-stereo).
         */

        while (*kvp)
        {
                while (*kvp == ' ')
                        ++kvp;
                if (!strncmp(attributes, kvp, strlen(attributes)) && kvp[strlen(attributes)] == '=')
                {
                        if (sscanf(kvp, "%*[^=]=%30d", &val) == 1)
                                *attr = val;
                        break;
                }

                if (!(kvp = strchr(kvp, ';')))
                        break;
                ++kvp;
        }
}


> chan_opus: Recursiveness when parsing fmtp line
> -----------------------------------------------
>
>                 Key: ASTERISK-26579
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-26579
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Resources/res_format_attr_opus
>    Affects Versions: 14.1.2
>         Environment: linux x64
>            Reporter: Jørgen H
>
> recursive stack overflow
> sdp_fmtp_get (attributes=<optimized out>, name=0x7ff5071de32c "ptime", attr=0x7ff4fc0548f8) at res_format_attr_opus.c:120
> #6450 0x00007ff5071dc957 in sdp_fmtp_get (attr=<optimized out>, name=<optimized out>, attributes=<optimized out>) at res_format_attr_opus.c:120
> sdp is
> v=0
> o=- 975991180 975991180 IN IP4 xxx
> s=Asterisk
> c=IN IP4 xxx
> t=0 0
> m=audio 25524 RTP/AVP 107 8 0 4 9 101
> a=rtpmap:107 opus/48000/2
> a=rtpmap:8 PCMA/8000
> a=rtpmap:0 PCMU/8000
> a=rtpmap:4 G723/8000
> a=rtpmap:9 G722/8000
> a=rtpmap:101 telephone-event/8000
> a=fmtp:101 0-16
> a=ptime:20
> a=maxptime:20



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list