[Asterisk-code-review] AST-2017-003: Handle zero-length body parts correctly. (asterisk[13.15])

Matthew Fredrickson asteriskteam at digium.com
Fri May 19 15:10:15 CDT 2017 

Matthew Fredrickson has submitted this change and it was merged. ( https://gerrit.asterisk.org/5666 )

Change subject: AST-2017-003: Handle zero-length body parts correctly.
......................................................................


AST-2017-003: Handle zero-length body parts correctly.

ASTERISK-26939 #close

Change-Id: I7ea235ab39833a187db4e078f0788bd0af0a24fd
---
A third-party/pjproject/patches/0058-Parse-zero-length-multipart-body-parts-correctly.patch
1 file changed, 41 insertions(+), 0 deletions(-)

Approvals:
  George Joseph: Looks good to me, but someone else must approve; Verified
  Matthew Fredrickson: Looks good to me, approved; Approved for Submit



diff --git a/third-party/pjproject/patches/0058-Parse-zero-length-multipart-body-parts-correctly.patch b/third-party/pjproject/patches/0058-Parse-zero-length-multipart-body-parts-correctly.patch
new file mode 100644
index 0000000..49334c3
--- /dev/null
+++ b/third-party/pjproject/patches/0058-Parse-zero-length-multipart-body-parts-correctly.patch
@@ -0,0 +1,41 @@
+From f0c717463d569f87a16f9b014033c8ca8939a7b4 Mon Sep 17 00:00:00 2001
+From: Mark Michelson <mmichelson at digium.com>
+Date: Thu, 13 Apr 2017 16:59:40 -0500
+Subject: [PATCH] Parse zero-length multipart body parts correctly.
+
+The calculation of end_body could result in a negative length being
+passed to multipart_body_parse_part().
+---
+ pjsip/src/pjsip/sip_multipart.c | 16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/pjsip/src/pjsip/sip_multipart.c b/pjsip/src/pjsip/sip_multipart.c
+index 8351f7e..b302139 100644
+--- a/pjsip/src/pjsip/sip_multipart.c
++++ b/pjsip/src/pjsip/sip_multipart.c
+@@ -653,13 +653,15 @@ PJ_DEF(pjsip_msg_body*) pjsip_multipart_parse(pj_pool_t *pool,
+ 
+ 	end_body = curptr;
+ 
+-	/* The newline preceeding the delimiter is conceptually part of
+-	 * the delimiter, so trim it from the body.
+-	 */
+-	if (*(end_body-1) == '\n')
+-	    --end_body;
+-	if (*(end_body-1) == '\r')
+-	    --end_body;
++	if (end_body > start_body) {
++	    /* The newline preceeding the delimiter is conceptually part of
++	     * the delimiter, so trim it from the body.
++	     */
++	    if (*(end_body-1) == '\n')
++		--end_body;
++	    if (*(end_body-1) == '\r')
++		 --end_body;
++	}
+ 
+ 	/* Now that we have determined the part's boundary, parse it
+ 	 * to get the header and body part of the part.
+-- 
+1.9.1
+

-- 
To view, visit https://gerrit.asterisk.org/5666
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I7ea235ab39833a187db4e078f0788bd0af0a24fd
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: 13.15
Gerrit-Owner: Matthew Fredrickson <creslin at digium.com>
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>
Gerrit-Reviewer: Mark Michelson <mmichelson at digium.com>
Gerrit-Reviewer: Matthew Fredrickson <creslin at digium.com>

More information about the asterisk-code-review mailing list