Re: [reSIProcate] bad_alloc exception in ConnectionBase.cxx
I'm running on 1.0.2. I had a quick look with the code browser if this 
was fixed, but apparently I missed it.
sorry for the trouble
Björn
Byron Campen wrote:
    What revision are you working with? This had already been fixed 
on  head I thought.
Best regards,
Byron Campen
Hi,
We have run test with the Codenomicon test tool. It sends a BYE (tcp
transport) with an unreasonable Content-Length:
INVITE sip:user@xxxxxxxxxxxxxx SIP/2.0
To: <sip:user@xxxxxxxxxxxxxx>
From: "user" <sip:user@xxxxxxxxxxxxxxxx:5060>;tag=00007359
Via: SIP/2.0/UDP from.example.com: 5060;branch=z9hG4bK7359t1180001580949
Call-ID: s0c00007359i0t1180001580949@xxxxxxxxxxxxxxxx
Contact: "user" <sip:user@xxxxxxxxxxxxxxxx;transport=udp>
Content-Length: 1073741823
Content-Type: application/sdp
CSeq: 7359 INVITE
Max-Forwards: 70
v=0
o=user 1 1 IN IP4 192.168.2.44
s=Codenomicon SIP UAS Test Tool 3.2 (http://www.codenomicon.com/)
c=IN IP4 192.168.2.44
t=0 0
m=audio 49158 RTP/AVP 0
a=rtpmap:0 PCMU/8000
This causes a bad_alloc exception in ConnetionBase.cxx, so I've done a
patch to do some kind of check if size is reasonable.
best regards
Björn
--- ConnectionBase.cxx.orig    2008-03-07 08:59:33.000000000 +0100
+++ ConnectionBase.cxx    2008-03-07 09:01:25.000000000 +0100
@@ -197,6 +197,8 @@
             {
                // The message header is complete.
                contentLength=mMessage->header 
(h_ContentLength).value();
+               if (contentLength > 65565)
+                  throw resip::ParseBuffer::Exception("unreasonable
length", "Content-Length", __FILE__, __LINE__);
             }
             catch(resip::ParseException& e)
             {
@@ -295,6 +297,8 @@
          try
          {
              contentLength = mMessage->header 
(h_ContentLength).value();
+             if (contentLength > 65565)
+                throw resip::ParseBuffer::Exception("unreasonable
length", "Content-Length", __FILE__, __LINE__);
          }
          catch(resip::ParseException& e)
          {
--
This communication is confidential and intended solely for the  
addressee(s). Any unauthorized review, use, disclosure or  
distribution is prohibited. If you believe this message has been  
sent to you in error, please notify the sender by replying to this  
transmission and delete the message without disclosing it. Thank you.
E-mail including attachments is susceptible to data corruption,  
interruption, unauthorized amendment, tampering and viruses, and we  
only send and receive e-mails on the basis that we are not liable  
for any such corruption, interception, amendment, tampering or  
viruses or any consequences thereof.
_______________________________________________
resiprocate-devel mailing list
resiprocate-devel@xxxxxxxxxxxxxxx
https://list.resiprocate.org/mailman/listinfo/resiprocate-devel
--
This communication is confidential and intended solely for the addressee(s). 
Any unauthorized review, use, disclosure or distribution is prohibited. If you 
believe this message has been sent to you in error, please notify the sender by 
replying to this transmission and delete the message without disclosing it. 
Thank you.
E-mail including attachments is susceptible to data corruption, interruption, 
unauthorized amendment, tampering and viruses, and we only send and receive 
e-mails on the basis that we are not liable for any such corruption, 
interception, amendment, tampering or viruses or any consequences thereof.