In ParserCategory::parseParameters(), the following code will accept empty parameters:

*snip*
    if ( (!pb.eof() && *pb.position() == Symbols::SEMI_COLON[0]) )
    {
       // extract the key
       pb.skipChar();
       const char* keyStart = pb.skipWhitespace();
       const char* keyEnd = pb.skipToOneOf(" \t\r\n;=?>"); //!dlb! @ here?
       ParameterTypes::Type type = ParameterTypes::getType(keyStart, (keyEnd - keyStart));
       if (type == ParameterTypes::UNKNOWN)
       {
          mUnknownParameters.push_back(new UnknownParameter(keyStart, int((keyEnd - keyStart)), pb, " \t\r\n;?>"));
       }
       else
       {
          // invoke the particular factory
          mParameters.push_back(ParameterTypes::ParameterFactories[type](type, pb, " \t\r\n;?>"));
       }
    }
*snip*

This isn't such a bad thing for an endpoint, but servers MUST not re-emit this sort of thing. Also, someone could eat us alive if they sent traffic containing stuff like this to us:

    To: "Kaboom"<sip:foo@bar;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;etc... out to ~64K>

We'd end up filling a std::vector with around 60K empty Datas for every message sent at us.

Best regards,
Byron Campen
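An added example, not part of the original message and not reSIProcate code: a stand-alone C++ model of the loop quoted above, showing that a run of ';' stores one entry per semicolon, next to a stricter variant that drops empty parameters and caps the count. `Param`, `parseParams`, `strictRejects` and the `kMaxParams` limit of 64 are assumptions made for illustration.

```cpp
#include <algorithm>
#include <cstddef>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical stand-in for a stored parameter (not reSIProcate's Parameter class).
struct Param { std::string key, value; };

constexpr std::size_t kMaxParams = 64;  // assumed cap, tune per deployment

// strict == false models the quoted loop: every ';' stores an entry, empty key or not.
// strict == true drops empty parameters and rejects input with more than kMaxParams.
std::vector<Param> parseParams(const std::string& in, bool strict)
{
    const std::size_t end = in.size();
    std::vector<Param> out;
    std::size_t pos = 0;
    while (pos < end && in[pos] == ';') {
        ++pos;                                                       // skip ';'
        pos = std::min(in.find_first_not_of(" \t\r\n", pos), end);   // skip whitespace
        const std::size_t keyEnd = std::min(in.find_first_of(" \t\r\n;=?>", pos), end);
        Param p{in.substr(pos, keyEnd - pos), ""};
        pos = keyEnd;
        if (pos < end && in[pos] == '=') {                           // optional value
            const std::size_t valEnd = std::min(in.find_first_of(" \t\r\n;?>", pos + 1), end);
            p.value = in.substr(pos + 1, valEnd - pos - 1);
            pos = valEnd;
        }
        if (strict && p.key.empty()) continue;                       // ";;" carries nothing
        if (strict && out.size() >= kMaxParams)
            throw std::length_error("too many parameters");
        out.push_back(p);
    }
    return out;
}

// True when the strict parser refuses the input outright.
bool strictRejects(const std::string& in)
{
    try { parseParams(in, true); } catch (const std::length_error&) { return true; }
    return false;
}

int main()
{
    const std::string flood(60000, ';');                             // constructed hostile input
    std::cout << "lenient: " << parseParams(flood, false).size()
              << ", strict: " << parseParams(flood, true).size() << '\n';
}
```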