<p>George Joseph <strong>uploaded patch set #2</strong> to this change.</p><p><a href="https://gerrit.asterisk.org/7118">View Change</a></p><pre style="font-family: monospace,monospace; white-space: pre-wrap;">AST-2017-009: pjproject: Add validation of numeric header values<br><br>Parsing the numeric header fields like cseq, ttl, port, etc. all<br>had the potential to overflow, either causing unintended values to<br>be captured or, if the values were subsequently converted back to<br>strings, a buffer overrun. To address this, new "strto" functions<br>have been created that do range checking and those functions are<br>used wherever possible in the parser.<br><br> * Created pjlib/include/limits.h and pjlib/include/compat/limits.h<br> to either include the system limits.h or define common numeric<br> limits if there is no system limits.h.<br><br> * Created strto*_validate functions in sip_parser that take bounds<br> and on failure call the on_str_parse_error function which prints<br> an error message and calls PJ_THROW.<br><br> * Updated sip_parser to validate the numeric fields.<br><br> * Fixed an issue in sip_transport that prevented error messages<br> from being properly displayed.<br><br> * Added "volatile" to some variables referenced in PJ_CATCH blocks<br> as the optimizer was sometimes optimizing them away.<br><br> * Fixed length calculation in sip_transaction/create_tsx_key_2543<br> to account for signed ints being 11 characters, not 9.<br><br>ASTERISK-27319<br>Reported by: Youngsung Kim at LINE Corporation<br><br>Change-Id: I48de2e4ccf196990906304e8d7061f4ffdd772ff<br>---<br>A third-party/pjproject/patches/0090-sip_parser-Add-validity-checking-for-numeric-header-.patch<br>1 file changed, 901 insertions(+), 0 deletions(-)<br><br></pre><pre style="font-family: monospace,monospace; white-space: pre-wrap;">git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/18/7118/2</pre><p>To view, visit <a href="https://gerrit.asterisk.org/7118">change 7118</a>. To unsubscribe, visit <a href="https://gerrit.asterisk.org/settings">settings</a>.</p><div itemscope itemtype="http://schema.org/EmailMessage"><div itemscope itemprop="action" itemtype="http://schema.org/ViewAction"><link itemprop="url" href="https://gerrit.asterisk.org/7118"/><meta itemprop="name" content="View Change"/></div></div>
<div style="display:none"> Gerrit-Project: asterisk </div>
<div style="display:none"> Gerrit-Branch: certified/13.13 </div>
<div style="display:none"> Gerrit-MessageType: newpatchset </div>
<div style="display:none"> Gerrit-Change-Id: I48de2e4ccf196990906304e8d7061f4ffdd772ff </div>
<div style="display:none"> Gerrit-Change-Number: 7118 </div>
<div style="display:none"> Gerrit-PatchSet: 2 </div>
<div style="display:none"> Gerrit-Owner: George Joseph <gjoseph@digium.com> </div>
<div style="display:none"> Gerrit-Reviewer: Jenkins2 </div>