[asterisk-commits] res pjsip.c: Fix crash from corrupt saved SUBSCRIBE message. (asterisk[certified/13.1])

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Wed Aug 12 13:08:23 CDT 2015


Mark Michelson has submitted this change and it was merged.

Change subject: res_pjsip.c: Fix crash from corrupt saved SUBSCRIBE message.
......................................................................


res_pjsip.c: Fix crash from corrupt saved SUBSCRIBE message.

If the saved SUBSCRIBE message is not parseable for whatever reason then
Asterisk could crash when libpjsip tries to parse the message and adds an
error message to the parse error list.

* Made ast_sip_create_rdata() initialize the parse error rdata list.  The
list is checked after parsing to see that it remains empty for the
function to return successful.

ASTERISK-25306
Reported by Mark Michelson

Change-Id: Ie0677f69f707503b1a37df18723bd59418085256
---
M res/res_pjsip.c
1 file changed, 7 insertions(+), 1 deletion(-)

Approvals:
  Mark Michelson: Looks good to me, approved
  Anonymous Coward #1000019: Verified
  Joshua Colp: Looks good to me, but someone else must approve



diff --git a/res/res_pjsip.c b/res/res_pjsip.c
index 8621658..436145a 100644
--- a/res/res_pjsip.c
+++ b/res/res_pjsip.c
@@ -2455,6 +2455,12 @@
 {
 	pj_str_t tmp;
 
+	/*
+	 * Initialize the error list in case there is a parse error
+	 * in the given packet.
+	 */
+	pj_list_init(&rdata->msg_info.parse_err);
+
 	rdata->tp_info.transport = PJ_POOL_ZALLOC_T(rdata->tp_info.pool, pjsip_transport);
 	if (!rdata->tp_info.transport) {
 		return -1;
@@ -2465,7 +2471,7 @@
 	rdata->pkt_info.src_port = src_port;
 
 	pjsip_parse_rdata(packet, strlen(packet), rdata);
-	if (!rdata->msg_info.msg) {
+	if (!rdata->msg_info.msg || !pj_list_empty(&rdata->msg_info.parse_err)) {
 		return -1;
 	}
 

-- 
To view, visit https://gerrit.asterisk.org/1066
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ie0677f69f707503b1a37df18723bd59418085256
Gerrit-PatchSet: 1
Gerrit-Project: asterisk
Gerrit-Branch: certified/13.1
Gerrit-Owner: Richard Mudgett <rmudgett at digium.com>
Gerrit-Reviewer: Anonymous Coward #1000019
Gerrit-Reviewer: Joshua Colp <jcolp at digium.com>
Gerrit-Reviewer: Mark Michelson <mmichelson at digium.com>



More information about the asterisk-commits mailing list