
Re: [reSIProcate] crash after receiving invalid Via line


Actually, this will break certain header types. An empty HFV has meaning in some cases that is distinct from the header not being present. The code at fault is the following:

*snip*
const Data&
SipMessage::getRFC2543TransactionId() const
{
   if(!( exists(h_Vias) && header(h_Vias).front().exists(p_branch) &&
         header(h_Vias).front().param(p_branch).hasMagicCookie() ) )
   {
      if (mRFC2543TransactionId.empty())
      {
         compute2543TransactionHash();
      }
   }
   return mRFC2543TransactionId;
}
*snip*

This needs to read as follows:
*snip*
const Data&
SipMessage::getRFC2543TransactionId() const
{
   if(!( exists(h_Vias) && !header(h_Vias).empty() && header(h_Vias).front().exists(p_branch) &&
         header(h_Vias).front().param(p_branch).hasMagicCookie() ) )
   {
      if (mRFC2543TransactionId.empty())
      {
         compute2543TransactionHash();
      }
   }
   return mRFC2543TransactionId;
}

*snip*

Best regards,
Byron Campen

Further detail & possible fix:

bool
SipMessage::exists(const HeaderBase& headerType) const
{
   // patch for crash if Via does not contain a body:
   HeaderFieldValueList* hfvl = mHeaders[headerType.getTypeNum()];
   return (hfvl != 0) && (!hfvl->empty());
}

It looks like with the above patch the following code is now called:

Transport::basicCheck(const SipMessage& msg)
{
   resip::Data reason;
   if (msg.isExternal())
   {
      try
      {
         if (!Helper::validateMessage(msg,&reason))
         {
            InfoLog(<<"Message Failed basicCheck :" << msg.brief());

And when the response is sent to the wire an assertion is called:

TransactionState:1666:

assert(sip->exists(h_Vias));


Will this patch work ok?


Thanks,

-Justin

-----Original Message-----
From: Justin Matthews [mailto:jmatthewsr@xxxxxxxxx] 
Sent: Friday, November 03, 2006 3:39 PM
Subject: crash after receiving invalid Via line

The stack is crashing when receiving a request with a via line equal to
"Via: ".  The actual crash occurs in SipMessage.cxx:435,
SipMessage::getRFC2543TransactionId, when accessing the via header.  The
header exists in the mheaders container of the SipMessage, but it does not
contain any values, so the front() call on line 435 fails.

Can some initial checking be done in the MsgHeaderScanner.cxx,
processMsgHeaderStatusLine() to drop this message?

Thanks,

-Justin



Example request:

CANCEL sip:dest@xxxxxxxxxxxx SIP/2.0
Via: 
From: "12345" <sip:12345@xxxxxxxxxxxx>
Date: Fri, 03 Nov 2006 23:01:23 GMT
CSeq: 0 CANCEL
Contact: <sip:12345@xxxxxxxxxxxx:5060>
Content-Length: 0
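
The distinction this thread turns on, a header that is absent versus one that is present with no values, as an added example that is not part of the original messages and is not reSIProcate code. It is a simplified model: the `Via` struct, `HeaderMap`, `parseHeaders`, `topViaHasMagicCookie` and the sample requests are constructed for illustration, and header names are matched case-sensitively for brevity.

```cpp
// Simplified model for illustration; not reSIProcate code.
#include <map>
#include <sstream>
#include <string>
#include <vector>

struct Via { std::string branch; };   // only the parameter the check reads
using HeaderMap = std::map<std::string, std::vector<Via>>;

// Hypothetical toy parser: a header line with no value still creates an
// entry holding an empty list (the state the report describes for "Via: ").
HeaderMap parseHeaders(const std::string& raw)
{
   HeaderMap headers;
   std::istringstream in(raw);
   std::string line;
   std::getline(in, line);                          // skip the start line
   while (std::getline(in, line))
   {
      if (!line.empty() && line.back() == '\r') line.pop_back();
      const auto colon = line.find(':');
      if (colon == std::string::npos) continue;
      std::vector<Via>& values = headers[line.substr(0, colon)];
      if (line.find_first_not_of(" \t", colon + 1) == std::string::npos)
         continue;                                  // present, but no value
      Via via;
      const std::string tag = ";branch=";
      const auto b = line.find(tag);
      if (b != std::string::npos)
      {
         const auto from = b + tag.size();
         via.branch = line.substr(from, line.find(';', from) - from);
      }
      values.push_back(via);
   }
   return headers;
}

// Presence only: stays true for an empty list, so "present but empty" is kept.
bool exists(const HeaderMap& h, const std::string& name) { return h.count(name) != 0; }

// Guarded condition: checks for an empty list before touching front().
bool topViaHasMagicCookie(const HeaderMap& h)
{
   const auto it = h.find("Via");
   return it != h.end() && !it->second.empty() &&
          it->second.front().branch.compare(0, 7, "z9hG4bK") == 0;
}

// Constructed sample requests.
const std::string kEmptyVia = "CANCEL sip:dest@example.invalid SIP/2.0\r\nVia: \r\nCSeq: 0 CANCEL\r\n";
const std::string kCookieVia = "CANCEL sip:dest@example.invalid SIP/2.0\r\nVia: SIP/2.0/UDP host.example.invalid;branch=z9hG4bK776asdhds\r\nCSeq: 0 CANCEL\r\n";
```

Keeping the emptiness check at the call site leaves `exists()` able to report a header that is present with no value, while the caller still never dereferences an empty list.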



