
[reSIProcate] ParserCategory will accept empty parameters


In ParserCategory::parseParameters(), the following code will accept empty parameters:

*snip*
      if (  (!pb.eof() && *pb.position() == Symbols::SEMI_COLON[0]) )
      {
         // extract the key
         pb.skipChar();
         const char* keyStart = pb.skipWhitespace();
         const char* keyEnd = pb.skipToOneOf(" \t\r\n;=?>");  //!dlb! @ here?
         ParameterTypes::Type type = ParameterTypes::getType(keyStart, (keyEnd - keyStart));
         if (type == ParameterTypes::UNKNOWN)
         {
            mUnknownParameters.push_back(new UnknownParameter(keyStart, 
                                                              int((keyEnd - keyStart)), pb, " \t\r\n;?>"));
         }
         else
         {
            // invoke the particular factory
            mParameters.push_back(ParameterTypes::ParameterFactories[type](type, pb, " \t\r\n;?>"));
         }
      }

*snip*

This isn't such a bad thing for an endpoint, but servers MUST not re-emit this sort of thing. Also, someone could eat us alive if they sent traffic containing stuff like this to us:

To: "Kaboom"<sip:foo@bar;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;etc... out to ~64K>

We'd end up filling a std::vector with around 60K empty Datas for every message sent at us.

Best regards,
Byron Campen
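
The behaviour reported above, next to one possible mitigation, as an added example that is not reSIProcate code and not part of the original post. Param, scan, parseParams and the kMaxParams limit are hypothetical names and values chosen for this sketch; the lenient mode mirrors the quoted loop, and the strict mode rejects empty keys and caps the parameter count.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Hypothetical stand-in for a stored parameter; not a reSIProcate type.
struct Param { std::string key, value; };

// Assumed limit for this example; the post does not propose one.
const std::size_t kMaxParams = 32;

// Advance i while s[i] is in `set` (in=true) or is not in `set` (in=false).
static std::size_t scan(const std::string& s, std::size_t i,
                        const std::string& set, bool in)
{
   while (i < s.size() && (set.find(s[i]) != std::string::npos) == in) ++i;
   return i;
}

// Parses a run of ";key[=value]" starting at s[0] into out.
// strict=false: every ';' yields an entry, as in the quoted loop.
// strict=true: an empty key, or more than kMaxParams entries, rejects the
// whole input (returns false and leaves out empty).
bool parseParams(const std::string& s, bool strict, std::vector<Param>& out)
{
   const std::string ws = " \t\r\n";
   out.clear();
   std::size_t i = 0;
   while (i < s.size() && s[i] == ';')
   {
      i = scan(s, i + 1, ws, true);                  // skip ';' and whitespace
      std::size_t keyEnd = scan(s, i, " \t\r\n;=?>", false);
      if (strict && (keyEnd == i || out.size() == kMaxParams))
      {
         out.clear();
         return false;
      }
      Param p;
      p.key = s.substr(i, keyEnd - i);
      i = scan(s, keyEnd, ws, true);
      if (i < s.size() && s[i] == '=')
      {
         std::size_t v = scan(s, i + 1, ws, true);
         i = scan(s, v, " \t\r\n;?>", false);          // value delimiters
         p.value = s.substr(v, i - v);
         i = scan(s, i, ws, true);
      }
      out.push_back(p);
   }
   return true;
}
```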
