< Previous by Date	Date Index	Next by Date >
	Thread Index	Next in Thread >

[reSIProcate] ParserCategory will accept empty parameters

From: Byron Campen <bcampen@xxxxxxxxxxxx>
Date: Thu, 3 Aug 2006 11:31:27 -0500

In ParserCategory::parseParameters(), the following code will accept empty parameters:

*snip*

if ( (!pb.eof() && *pb.position() == Symbols::SEMI_COLON[0]) )

{

// extract the key

pb.skipChar();

const char* keyStart = pb.skipWhitespace();

const char* keyEnd = pb.skipToOneOf(" \t\r\n;=?>"); //!dlb! @ here?

ParameterTypes::Type type = ParameterTypes::getType(keyStart, (keyEnd - keyStart));

if (type == ParameterTypes::UNKNOWN)

{

mUnknownParameters.push_back(new UnknownParameter(keyStart,

int((keyEnd - keyStart)), pb, " \t\r\n;?>"));

}

else

{

// invoke the particular factory

mParameters.push_back(ParameterTypes::ParameterFactories[type](type, pb, " \t\r\n;?>"));

}

*snip*

This isn't such a bad thing for a endpoint, but servers MUST not re-emit this sort of thing. Also, someone could eat us alive if they sent traffic containing stuff like this to us:

To: "Kaboom"<sip:foo@bar;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;etc... out to ~64K>

We'd end up filling a std::vector with around 60K empty Datas for every message sent at us.

Best regards,

Byron Campen

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Prev by Date: Re: [reSIProcate] Mulitple ENUM Servers
Next by Date: Re: [reSIProcate] Content-Length is not taken seriously by SipMessage
Previous by thread: Re: [reSIProcate] Content-Length is not taken seriously by SipMessage
Next by thread: Re: [reSIProcate] ParserCategory will accept empty parameters
Index(es):
- Date
- Thread