> On 8/3/06, Byron Campen <bcampen@xxxxxxxxxxxx> wrote:
>> When a SipMessage is created, the value in the Content-Length header is ignored. Instead, we assume everything that remains in the buffer is part of the body, and use that to calculate our Content-Length. Technically, we must take the Content-Length header-field-value seriously, and ignore/discard any extra bytes. Why aren't we doing this?
>
> I assume you are talking specifically about the UDP transport. In the case of TCP/TLS the Content-Length header is required to do framing. For UDP, since the message comes over a UDP datagram, we know it came from the sender. There is a DOS attack possible here where you could send a 64k datagram but the same attack is possible if you send a 64k datagram with a 64k Content-Length. A solution to this is to simply limit the maximum size of UDP packet that can be received, scanned and parsed.

This is all fine and good, but what if we are going to be forwarding something that might have garbage tacked to the end of the body? RFC 3261 section 18.3 is very specific about this; we MUST take Content-Length seriously, even over UDP.

Best regards, Byron Campen
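
The RFC 3261 section 18.3 rule cited in the message above, as an added example that is not part of the original thread and is not code from the project being discussed: bytes beyond the declared Content-Length are discarded before anything is parsed or forwarded, and a datagram shorter than the declared length is an error. All names (`frameUdpBody`, `Framing`, `kSample`) are hypothetical, the sample datagram is constructed, and header line folding is assumed not to occur.

```cpp
#include <algorithm>
#include <cctype>
#include <string>

enum class Framing { Ok, NoHeaderEnd, BadLength, Truncated };
struct Framed { Framing status; std::string body; std::size_t discarded; };

// Constructed sample: a 4-byte body followed by 7 stray bytes.
const std::string kSample =
    "MESSAGE sip:bob@example.com SIP/2.0\r\nContent-Length: 4\r\n\r\npingGARBAGE";

// Finds Content-Length (or its compact form "l"); stores the trimmed value.
static bool contentLength(const std::string& headers, std::string& value) {
    for (std::size_t pos = 0; pos < headers.size();) {
        std::size_t eol = headers.find("\r\n", pos);
        if (eol == std::string::npos) eol = headers.size();
        std::string line = headers.substr(pos, eol - pos);
        pos = eol + 2;
        std::size_t colon = line.find(':');
        if (colon == std::string::npos) continue;
        std::string name = line.substr(0, colon);
        name.erase(name.find_last_not_of(" \t") + 1);  // allow "Name :"
        std::transform(name.begin(), name.end(), name.begin(),
                       [](unsigned char c) { return (char)std::tolower(c); });
        if (name != "content-length" && name != "l") continue;
        std::size_t b = line.find_first_not_of(" \t", colon + 1);
        value = b == std::string::npos
                    ? "" : line.substr(b, line.find_last_not_of(" \t") - b + 1);
        return true;
    }
    return false;
}

// Frame the body of one UDP datagram as RFC 3261 section 18.3 requires.
Framed frameUdpBody(const std::string& datagram) {
    std::size_t end = datagram.find("\r\n\r\n");
    if (end == std::string::npos) return {Framing::NoHeaderEnd, "", 0};
    std::string rest = datagram.substr(end + 4), cl;
    // No header over UDP: the body runs to the end of the datagram.
    if (!contentLength(datagram.substr(0, end), cl)) return {Framing::Ok, rest, 0};
    // At most 5 digits: a UDP payload cannot exceed 65535 bytes.
    if (cl.empty() || cl.size() > 5 ||
        !std::all_of(cl.begin(), cl.end(),
                     [](unsigned char c) { return std::isdigit(c) != 0; }))
        return {Framing::BadLength, "", 0};
    std::size_t declared = std::stoul(cl);
    if (declared > rest.size()) return {Framing::Truncated, "", 0};  // error per 18.3
    // Bytes past the declared length are dropped, never forwarded.
    return {Framing::Ok, rest.substr(0, declared), rest.size() - declared};
}
```

A forwarding element would relay only `body`; on `Truncated`, section 18.3 says a response is discarded and a request should be answered with 400 (Bad Request).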