< Previous by Date	Date Index	Next by Date >
< Previous in Thread	Thread Index	Next in Thread >

Re: [reSIProcate] Content-Length is not taken seriously by SipMessage

From: "Jason Fischl" <jason@xxxxxxxxxxxxxxx>
Date: Thu, 3 Aug 2006 08:06:39 -0700

On 8/3/06, Byron Campen <bcampen@xxxxxxxxxxxx> wrote:

        When a SipMessage is created, the value in the Content-Length header
is ignored. Instead, we assume everything that remains in the buffer
is part of the body, and use that to calculate our Content-Length.
Technically, we must take the Content-Length header-field-value
seriously, and ignore/discard any extra bytes. Why aren't we doing this?


I assume you are talking specifically about the UDP transport. In the
case of TCP/TLS the content-Length header is required to do framing.
For UDP, since the message comes over a UDP datagram, we know it came
from the sender. There is a DOS attack possible here where you could
send a 64k datagram but the same attack is possible if you send a 64k
datagram with a 64k Content-Length. A solution to this is to simply
limit the maximum size of UDP packet that can be received, scanned and
parsed.

Follow-Ups:
- Re: [reSIProcate] Content-Length is not taken seriously by SipMessage
  - From: Byron Campen

References:
- [reSIProcate] Content-Length is not taken seriously by SipMessage
  - From: Byron Campen

Prev by Date: [reSIProcate] Content-Length is not taken seriously by SipMessage
Next by Date: Re: [reSIProcate] Content-Length is not taken seriously by SipMessage
Previous by thread: [reSIProcate] Content-Length is not taken seriously by SipMessage
Next by thread: Re: [reSIProcate] Content-Length is not taken seriously by SipMessage
Index(es):
- Date
- Thread