[Asterisk-code-review] AST-2017-009: pjproject: Add validation of numeric header va... (asterisk[14])

George Joseph asteriskteam at digium.com
Wed Nov 8 07:57:17 CST 2017 

Hello Jenkins2, 

I'd like you to reexamine a change. Please visit

    https://gerrit.asterisk.org/7120

to look at the new patch set (#2).

Change subject: AST-2017-009: pjproject: Add validation of numeric header values
......................................................................

AST-2017-009: pjproject: Add validation of numeric header values

Parsing the numeric header fields like cseq, ttl, port, etc. all
had the potential to overflow, either causing unintended values to
be captured or, if the values were subsequently converted back to
strings, a buffer overrun.  To address this, new "strto" functions
have been created that do range checking and those functions are
used wherever possible in the parser.

 * Created pjlib/include/limits.h and pjlib/include/compat/limits.h
   to either include the system limits.h or define common numeric
   limits if there is no system limits.h.

 * Created strto*_validate functions in sip_parser that take bounds
   and on failure call the on_str_parse_error function which prints
   an error message and calls PJ_THROW.

 * Updated sip_parser to validate the numeric fields.

 * Fixed an issue in sip_transport that prevented error messages
   from being properly displayed.

 * Added "volatile" to some variables referenced in PJ_CATCH blocks
   as the optimizer was sometimes optimizing them away.

 * Fixed length calculation in sip_transaction/create_tsx_key_2543
   to account for signed ints being 11 characters, not 9.

ASTERISK-27319
Reported by: Youngsung Kim at LINE Corporation

Change-Id: I48de2e4ccf196990906304e8d7061f4ffdd772ff
---
A third-party/pjproject/patches/0090-sip_parser-Add-validity-checking-for-numeric-header-.patch
1 file changed, 910 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/20/7120/2
-- 
To view, visit https://gerrit.asterisk.org/7120
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: 14
Gerrit-MessageType: newpatchset
Gerrit-Change-Id: I48de2e4ccf196990906304e8d7061f4ffdd772ff
Gerrit-Change-Number: 7120
Gerrit-PatchSet: 2
Gerrit-Owner: George Joseph <gjoseph at digium.com>
Gerrit-Reviewer: Jenkins2
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20171108/ea7dd771/attachment.html>

More information about the asterisk-code-review mailing list