[reSIProcate] bad_alloc exception in ConnectionBase.cxx
Hi,
We have run test with the Codenomicon test tool. It sends a BYE (tcp
transport) with an unreasonable Content-Length:
INVITE sip:user@xxxxxxxxxxxxxx SIP/2.0
To: <sip:user@xxxxxxxxxxxxxx>
From: "user" <sip:user@xxxxxxxxxxxxxxxx:5060>;tag=00007359
Via: SIP/2.0/UDP from.example.com:5060;branch=z9hG4bK7359t1180001580949
Call-ID: s0c00007359i0t1180001580949@xxxxxxxxxxxxxxxx
Contact: "user" <sip:user@xxxxxxxxxxxxxxxx;transport=udp>
Content-Length: 1073741823
Content-Type: application/sdp
CSeq: 7359 INVITE
Max-Forwards: 70
v=0
o=user 1 1 IN IP4 192.168.2.44
s=Codenomicon SIP UAS Test Tool 3.2 (http://www.codenomicon.com/)
c=IN IP4 192.168.2.44
t=0 0
m=audio 49158 RTP/AVP 0
a=rtpmap:0 PCMU/8000
This causes a bad_alloc exception in ConnetionBase.cxx, so I've done a
patch to do some kind of check if size is reasonable.
best regards
Björn
--- ConnectionBase.cxx.orig 2008-03-07 08:59:33.000000000 +0100
+++ ConnectionBase.cxx 2008-03-07 09:01:25.000000000 +0100
@@ -197,6 +197,8 @@
{
// The message header is complete.
contentLength=mMessage->header(h_ContentLength).value();
+ if (contentLength > 65565)
+ throw resip::ParseBuffer::Exception("unreasonable
length", "Content-Length", __FILE__, __LINE__);
}
catch(resip::ParseException& e)
{
@@ -295,6 +297,8 @@
try
{
contentLength = mMessage->header(h_ContentLength).value();
+ if (contentLength > 65565)
+ throw resip::ParseBuffer::Exception("unreasonable
length", "Content-Length", __FILE__, __LINE__);
}
catch(resip::ParseException& e)
{
--
This communication is confidential and intended solely for the addressee(s).
Any unauthorized review, use, disclosure or distribution is prohibited. If you
believe this message has been sent to you in error, please notify the sender by
replying to this transmission and delete the message without disclosing it.
Thank you.
E-mail including attachments is susceptible to data corruption, interruption,
unauthorized amendment, tampering and viruses, and we only send and receive
e-mails on the basis that we are not liable for any such corruption,
interception, amendment, tampering or viruses or any consequences thereof.