[asterisk-commits] russell: tag 1.4.18.1 r109541 - in /tags/1.4.18.1: channels/ main/

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Tue Mar 18 11:44:12 CDT 2008


Author: russell
Date: Tue Mar 18 11:44:12 2008
New Revision: 109541

URL: http://svn.digium.com/view/asterisk?view=rev&rev=109541
Log:
Put a maximum limit on the number of payloads accepted, and also make sure a given payload does not exceed our maximum value.
(AST-2008-002)

Modified:
    tags/1.4.18.1/channels/chan_sip.c
    tags/1.4.18.1/main/rtp.c

Modified: tags/1.4.18.1/channels/chan_sip.c
URL: http://svn.digium.com/view/asterisk/tags/1.4.18.1/channels/chan_sip.c?view=diff&rev=109541&r1=109540&r2=109541
==============================================================================
--- tags/1.4.18.1/channels/chan_sip.c (original)
+++ tags/1.4.18.1/channels/chan_sip.c Tue Mar 18 11:44:12 2008
@@ -215,6 +215,8 @@
 #define SIP_MAX_HEADERS              64               /*!< Max amount of SIP headers to read */
 #define SIP_MAX_LINES                64               /*!< Max amount of lines in SIP attachment (like SDP) */
 #define SIP_MAX_PACKET               4096             /*!< Also from RFC 3261 (2543), should sub headers tho */
+
+#define SDP_MAX_RTPMAP_CODECS        32               /*!< Maximum number of codecs allowed in received SDP */
 
 #define INITIAL_CSEQ                 101              /*!< our initial sip sequence number */
 
@@ -4977,7 +4979,7 @@
 	int numberofmediastreams = 0;
 	int debug = sip_debug_test_pvt(p);
 		
-	int found_rtpmap_codecs[32];
+	int found_rtpmap_codecs[SDP_MAX_RTPMAP_CODECS];
 	int last_rtpmap_codec=0;
 
 	if (!p->rtp) {
@@ -5250,24 +5252,30 @@
 			/* We should propably check if this is an audio or video codec
 				so we know where to look */
 
-			/* Note: should really look at the 'freq' and '#chans' params too */
-			if(ast_rtp_set_rtpmap_type(newaudiortp, codec, "audio", mimeSubtype,
-					ast_test_flag(&p->flags[0], SIP_G726_NONSTANDARD) ? AST_RTP_OPT_G726_NONSTANDARD : 0) != -1) {
-				if (debug)
-					ast_verbose("Found audio description format %s for ID %d\n", mimeSubtype, codec);
-				found_rtpmap_codecs[last_rtpmap_codec] = codec;
-				last_rtpmap_codec++;
-				found = TRUE;
-
-			} else if (p->vrtp) {
-				if(ast_rtp_set_rtpmap_type(newvideortp, codec, "video", mimeSubtype, 0) != -1) {
+			if (last_rtpmap_codec < SDP_MAX_RTPMAP_CODECS) {
+				/* Note: should really look at the 'freq' and '#chans' params too */
+				if(ast_rtp_set_rtpmap_type(newaudiortp, codec, "audio", mimeSubtype,
+							   ast_test_flag(&p->flags[0], SIP_G726_NONSTANDARD) ? AST_RTP_OPT_G726_NONSTANDARD : 0) != -1) {
 					if (debug)
-						ast_verbose("Found video description format %s for ID %d\n", mimeSubtype, codec);
+						ast_verbose("Found audio description format %s for ID %d\n", mimeSubtype, codec);
 					found_rtpmap_codecs[last_rtpmap_codec] = codec;
 					last_rtpmap_codec++;
 					found = TRUE;
+					
+				} else if (p->vrtp) {
+					if(ast_rtp_set_rtpmap_type(newvideortp, codec, "video", mimeSubtype, 0) != -1) {
+						if (debug)
+							ast_verbose("Found video description format %s for ID %d\n", mimeSubtype, codec);
+						found_rtpmap_codecs[last_rtpmap_codec] = codec;
+						last_rtpmap_codec++;
+						found = TRUE;
+					}
 				}
+			} else {
+				if (debug)
+					ast_verbose("Discarded description format %s for ID %d\n", mimeSubtype, codec);
 			}
+
 			if (!found) {
 				/* Remove this codec since it's an unknown media type for us */
 				/* XXX This is buggy since the media line for audio and video can have the

Modified: tags/1.4.18.1/main/rtp.c
URL: http://svn.digium.com/view/asterisk/tags/1.4.18.1/main/rtp.c?view=diff&rev=109541&r1=109540&r2=109541
==============================================================================
--- tags/1.4.18.1/main/rtp.c (original)
+++ tags/1.4.18.1/main/rtp.c Tue Mar 18 11:44:12 2008
@@ -1651,6 +1651,9 @@
     an unknown media type */
 void ast_rtp_unset_m_type(struct ast_rtp* rtp, int pt) 
 {
+	if (pt < 0 || pt > MAX_RTP_PT)
+		return; /* bogus payload type */
+
 	ast_mutex_lock(&rtp->bridge_lock);
 	rtp->current_RTP_PT[pt].isAstFormat = 0;
 	rtp->current_RTP_PT[pt].code = 0;




More information about the asterisk-commits mailing list