[Asterisk-code-review] AST-2018-003: Crash with an invalid SDP fmtp attribute (asterisk[13])

Kevin Harwell asteriskteam at digium.com
Wed Feb 21 12:12:31 CST 2018


Kevin Harwell has submitted this change and it was merged. ( https://gerrit.asterisk.org/8358 )

Change subject: AST-2018-003: Crash with an invalid SDP fmtp attribute
......................................................................

AST-2018-003: Crash with an invalid SDP fmtp attribute

pjproject's fmtp retrieval function failed to catch invalid fmtp attributes.
Because of this Asterisk would crash if given an SDP with an invalid fmtp
attribute.

When retrieving the format this patch now makes sure the fmtp attribute is
available. If not available it now returns an error status.

ASTERISK-27583 #close

Change-Id: I5cebe000ce2d846cae3af33b6d72c416e51caf2f
---
A third-party/pjproject/patches/0071-sdp_fmtp_attr.patch
1 file changed, 34 insertions(+), 0 deletions(-)

Approvals:
  Jenkins2: Verified
  Kevin Harwell: Looks good to me, approved; Approved for Submit



diff --git a/third-party/pjproject/patches/0071-sdp_fmtp_attr.patch b/third-party/pjproject/patches/0071-sdp_fmtp_attr.patch
new file mode 100644
index 0000000..8228d5d
--- /dev/null
+++ b/third-party/pjproject/patches/0071-sdp_fmtp_attr.patch
@@ -0,0 +1,34 @@
+diff --git a/pjmedia/src/pjmedia/sdp.c b/pjmedia/src/pjmedia/sdp.c
+index a3dd80b..6117e07 100644
+--- a/pjmedia/src/pjmedia/sdp.c
++++ b/pjmedia/src/pjmedia/sdp.c
+@@ -256,7 +256,8 @@ PJ_DEF(pj_status_t) pjmedia_sdp_attr_get_rtpmap( const pjmedia_sdp_attr *attr,
+ 
+     PJ_ASSERT_RETURN(pj_strcmp2(&attr->name, "rtpmap")==0, PJ_EINVALIDOP);
+ 
+-    PJ_ASSERT_RETURN(attr->value.slen != 0, PJMEDIA_SDP_EINATTR);
++    if (attr->value.slen == 0)
++        return PJMEDIA_SDP_EINATTR;
+ 
+     init_sdp_parser();
+ 
+@@ -341,6 +342,9 @@ PJ_DEF(pj_status_t) pjmedia_sdp_attr_get_fmtp( const pjmedia_sdp_attr *attr,
+ 
+     PJ_ASSERT_RETURN(pj_strcmp2(&attr->name, "fmtp")==0, PJ_EINVALIDOP);
+ 
++    if (attr->value.slen == 0)
++        return PJMEDIA_SDP_EINATTR;
++
+     /* fmtp BNF:
+      *	a=fmtp:<format> <format specific parameter>
+      */
+@@ -379,6 +383,9 @@ PJ_DEF(pj_status_t) pjmedia_sdp_attr_get_rtcp(const pjmedia_sdp_attr *attr,
+ 
+     PJ_ASSERT_RETURN(pj_strcmp2(&attr->name, "rtcp")==0, PJ_EINVALIDOP);
+ 
++    if (attr->value.slen == 0)
++        return PJMEDIA_SDP_EINATTR;
++
+     init_sdp_parser();
+ 
+     /* fmtp BNF:

-- 
To view, visit https://gerrit.asterisk.org/8358
To unsubscribe, visit https://gerrit.asterisk.org/settings

Gerrit-Project: asterisk
Gerrit-Branch: 13
Gerrit-MessageType: merged
Gerrit-Change-Id: I5cebe000ce2d846cae3af33b6d72c416e51caf2f
Gerrit-Change-Number: 8358
Gerrit-PatchSet: 1
Gerrit-Owner: Kevin Harwell <kharwell at digium.com>
Gerrit-Reviewer: Jenkins2
Gerrit-Reviewer: Kevin Harwell <kharwell at digium.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20180221/7c77f64f/attachment.html>


More information about the asterisk-code-review mailing list