[reSIProcate] bad_alloc exception in ConnectionBase.cxx

Byron Campen bcampen at estacado.net
Fri Mar 7 08:49:04 CST 2008 

	What revision are you working with? This had already been fixed on  
head I thought.

Best regards,
Byron Campen

> Hi,
> We have run test with the Codenomicon test tool. It sends a BYE (tcp
> transport) with an unreasonable Content-Length:
> INVITE sip:user at to.example.com SIP/2.0
> To: <sip:user at to.example.com>
> From: "user" <sip:user at from.example.com:5060>;tag=00007359
> Via: SIP/2.0/UDP from.example.com: 
> 5060;branch=z9hG4bK7359t1180001580949
> Call-ID: s0c00007359i0t1180001580949 at from.example.com
> Contact: "user" <sip:user at from.example.com;transport=udp>
> Content-Length: 1073741823
> Content-Type: application/sdp
> CSeq: 7359 INVITE
> Max-Forwards: 70
>
> v=0
> o=user 1 1 IN IP4 192.168.2.44
> s=Codenomicon SIP UAS Test Tool 3.2 (http://www.codenomicon.com/)
> c=IN IP4 192.168.2.44
> t=0 0
> m=audio 49158 RTP/AVP 0
> a=rtpmap:0 PCMU/8000
>
>
> This causes a bad_alloc exception in ConnetionBase.cxx, so I've done a
> patch to do some kind of check if size is reasonable.
>
> best regards
> Björn
>
>
> --- ConnectionBase.cxx.orig    2008-03-07 08:59:33.000000000 +0100
> +++ ConnectionBase.cxx    2008-03-07 09:01:25.000000000 +0100
> @@ -197,6 +197,8 @@
>              {
>                 // The message header is complete.
>                 contentLength=mMessage->header 
> (h_ContentLength).value();
> +               if (contentLength > 65565)
> +                  throw resip::ParseBuffer::Exception("unreasonable
> length", "Content-Length", __FILE__, __LINE__);
>              }
>              catch(resip::ParseException& e)
>              {
> @@ -295,6 +297,8 @@
>           try
>           {
>               contentLength = mMessage->header 
> (h_ContentLength).value();
> +             if (contentLength > 65565)
> +                throw resip::ParseBuffer::Exception("unreasonable
> length", "Content-Length", __FILE__, __LINE__);
>           }
>           catch(resip::ParseException& e)
>           {
>
>
>
> -- 
> This communication is confidential and intended solely for the  
> addressee(s). Any unauthorized review, use, disclosure or  
> distribution is prohibited. If you believe this message has been  
> sent to you in error, please notify the sender by replying to this  
> transmission and delete the message without disclosing it. Thank you.
> E-mail including attachments is susceptible to data corruption,  
> interruption, unauthorized amendment, tampering and viruses, and we  
> only send and receive e-mails on the basis that we are not liable  
> for any such corruption, interception, amendment, tampering or  
> viruses or any consequences thereof.
>
> _______________________________________________
> resiprocate-devel mailing list
> resiprocate-devel at resiprocate.org
> https://list.resiprocate.org/mailman/listinfo/resiprocate-devel

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2423 bytes
Desc: not available
URL: <http://list.resiprocate.org/pipermail/resiprocate-devel/attachments/20080307/c944f1d8/attachment.bin>

More information about the resiprocate-devel mailing list