< Previous by Date Date Index Next by Date >
< Previous in Thread Thread Index  

Re: [reSIProcate] Array overflow bug in Headers::CommaEncoding and similar arrays


Yeah, this bug was tracked down a few months ago, and is fixed in svn head. Good eye though.

Best regards,
Byron Campen

Hello all,

I think resiprocate-0.9.0-5019 has an array overflow bug affecting CommaEncoding and similar arrays inside the Headers class. This bug is easy to reproduce as shown below. I have come up with two possible ways of fixing the bug but I'd like to know what other developers on the list think.

Thanks,

Jorge

BEGIN: Steps to reproduce array overflow bug
------------------------------------------------------------
STEP 1) Modify "Headers::isCommaEncoding" as follows:

bool
Headers::isCommaEncoding(Type type)
{
   if(type+1 >= sizeof(CommaEncoding))
   {
      std::cout << "OUT_OF_RANGE_ERROR:"
                << " (int)type+1 = " << (int)type+1
<< " sizeof(CommaEncoding) = " << sizeof (CommaEncoding)
                << std::endl;
      assert(false);
   }
   return CommaEncoding[type+1];
}

------------------------------------------------------------
STEP 2) Run "resiprocate/test/testSipMessage"

------------------------------------------------------------
STEP 3) Program fails as follows:

OUT_OF_RANGE_ERROR: (int)type+1 = 79 sizeof(CommaEncoding) = 78
Assertion failed: false, file Headers.cxx, line 40
Abort (core dumped)

------------------------------------------------------------
STEP 4) Minimum code required to duplicate error is as follows:

int
main(int argc, char** argv)
{
   SipMessage m;
   UnknownHeaderType h("tweedle-dee");
   m.header(h).push_back(StringCategory("Joe"));
   m.header(h).push_back(StringCategory("Banks"));
   const Data d(Data::from(m));
   std::cout << "d = [" << d << "]" << std::endl;
   return 0;
}

------------------------------------------------------------
END: Steps to reproduce array overflow bug

_______________________________________________
resiprocate-devel mailing list
resiprocate-devel@xxxxxxxxxxxxxxxxxxx
https://list.sipfoundry.org/mailman/listinfo/resiprocate-devel

Attachment: smime.p7s
Description: S/MIME cryptographic signature