[Asterisk-code-review] AST-2018-002: Crash with an invalid SDP media format descrip... (asterisk[master])
Kevin Harwell
asteriskteam at digium.com
Wed Feb 21 14:11:30 CST 2018
Kevin Harwell has submitted this change and it was merged. ( https://gerrit.asterisk.org/8345 )
Change subject: AST-2018-002: Crash with an invalid SDP media format description
......................................................................
AST-2018-002: Crash with an invalid SDP media format description
pjproject's media format parsing algorithm failed to catch invalid values.
Because of this Asterisk would crash if given an SDP with a invalid media
format description.
When parsing the media format description this patch now properly parses the
value and returns an error status if it can't successfully parse/convert the
value.
ASTERISK-27582 #close
Change-Id: I883b3a4ef85b6972397f7b56bf46c5779c55fdd6
---
A third-party/pjproject/patches/0070-sdp_media_fmt.patch
1 file changed, 19 insertions(+), 0 deletions(-)
Approvals:
Jenkins2: Verified
Kevin Harwell: Looks good to me, approved; Approved for Submit
diff --git a/third-party/pjproject/patches/0070-sdp_media_fmt.patch b/third-party/pjproject/patches/0070-sdp_media_fmt.patch
new file mode 100644
index 0000000..0a0977d
--- /dev/null
+++ b/third-party/pjproject/patches/0070-sdp_media_fmt.patch
@@ -0,0 +1,19 @@
+diff --git a/pjmedia/src/pjmedia/sdp.c b/pjmedia/src/pjmedia/sdp.c
+index a3dd80b..0a13206 100644
+--- a/pjmedia/src/pjmedia/sdp.c
++++ b/pjmedia/src/pjmedia/sdp.c
+@@ -1516,11 +1516,12 @@ PJ_DEF(pj_status_t) pjmedia_sdp_validate2(const pjmedia_sdp_session *sdp,
+ * RTC based programs sends "null" for instant messaging!
+ */
+ if (pj_isdigit(*m->desc.fmt[j].ptr)) {
+- unsigned pt = pj_strtoul(&m->desc.fmt[j]);
++ unsigned long pt;
++ pj_status_t status = pj_strtoul3(&m->desc.fmt[j], &pt, 10);
+
+ /* Payload type is between 0 and 127.
+ */
+- CHECK( pt <= 127, PJMEDIA_SDP_EINPT);
++ CHECK( status == PJ_SUCCESS && pt <= 127, PJMEDIA_SDP_EINPT);
+
+ /* If port is not zero, then for each dynamic payload type, an
+ * rtpmap attribute must be specified.
--
To view, visit https://gerrit.asterisk.org/8345
To unsubscribe, visit https://gerrit.asterisk.org/settings
Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: I883b3a4ef85b6972397f7b56bf46c5779c55fdd6
Gerrit-Change-Number: 8345
Gerrit-PatchSet: 1
Gerrit-Owner: Kevin Harwell <kharwell at digium.com>
Gerrit-Reviewer: Jenkins2
Gerrit-Reviewer: Kevin Harwell <kharwell at digium.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20180221/2e6adea5/attachment.html>
More information about the asterisk-code-review
mailing list