< Previous by Date Date Index Next by Date >
< Previous in Thread Thread Index  

Re: [reSIProcate] ParserCategory will accept empty parameters


Well, I would argue that at the very least, we need to ensure that resip will not re-emit repeated params. If the easiest way to do this is to prevent the storage of repeated params in the first place, we know what we need to do.

Best regards,
Byron Campen

On Aug 3, 2006, at 7:59 PM, david Butcher wrote:

Well, it is hard to argue with the code snippet :-),
but is shouldn't allow more than one instance of each unknown param by name...

Did we decide it was too expensive to track uniqueness of params?

david

On 8/3/06, david Butcher <davidlbutcher@xxxxxxxxx> wrote:
Are you sure? I haven't looked lately, but if it did generate a param
for empty string, it should store just one, since repeated params are
not permitted.

david

On 8/3/06, Byron Campen <bcampen@xxxxxxxxxxxx> wrote:
>
>  In ParserCategory::parseParameters(), the following code
> will accept empty parameters:
>
> *snip*
> if ( (!pb.eof() && *pb.position() == Symbols::SEMI_COLON [0]) )
>       {
>          // extract the key
>          pb.skipChar();
>          const char* keyStart = pb.skipWhitespace();
> const char* keyEnd = pb.skipToOneOf(" \t\r\n;=?>"); //! dlb! @
> here?
>          ParameterTypes::Type type =
> ParameterTypes::getType(keyStart, (keyEnd - keyStart));
>          if (type == ParameterTypes::UNKNOWN)
>          {
> mUnknownParameters.push_back(new UnknownParameter (keyStart, > int ((keyEnd -
> keyStart)), pb, " \t\r\n;?>"));
>          }
>          else
>          {
>             // invoke the particular factory
>
> mParameters.push_back(ParameterTypes::ParameterFactories[type] (type,
> pb, " \t\r\n;?>"));
>          }
>       }
>
> *snip*
>
> This isn't such a bad thing for a endpoint, but servers MUST not re-emit > this sort of thing. Also, someone could eat us alive if they sent traffic
> containing stuff like this to us:
>
> To:
> "Kaboom"<sip:foo@bar;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;etc...
> out to ~64K>
>
> We'd end up filling a std::vector with around 60K empty Datas for every
> message sent at us.
>
> Best regards,
> Byron Campen
> _______________________________________________
> resiprocate-devel mailing list
> resiprocate-devel@xxxxxxxxxxxxxxxxxxx
> https://list.sipfoundry.org/mailman/listinfo/resiprocate-devel
>
>
>


Attachment: smime.p7s
Description: S/MIME cryptographic signature