[reSIProcate] bad_alloc exception in ConnectionBase.cxx

Björn Andersson bjorn.v.andersson at ericsson.com
Fri Mar 7 09:50:23 CST 2008 

I'm running on 1.0.2. I had a quick look with the code browser if this 
was fixed, but apparently I missed it.

sorry for the trouble
Björn

Byron Campen wrote:
>     What revision are you working with? This had already been fixed 
> on  head I thought.
>
> Best regards,
> Byron Campen
>
>> Hi,
>> We have run test with the Codenomicon test tool. It sends a BYE (tcp
>> transport) with an unreasonable Content-Length:
>> INVITE sip:user at to.example.com SIP/2.0
>> To: <sip:user at to.example.com>
>> From: "user" <sip:user at from.example.com:5060>;tag=00007359
>> Via: SIP/2.0/UDP from.example.com: 5060;branch=z9hG4bK7359t1180001580949
>> Call-ID: s0c00007359i0t1180001580949 at from.example.com
>> Contact: "user" <sip:user at from.example.com;transport=udp>
>> Content-Length: 1073741823
>> Content-Type: application/sdp
>> CSeq: 7359 INVITE
>> Max-Forwards: 70
>>
>> v=0
>> o=user 1 1 IN IP4 192.168.2.44
>> s=Codenomicon SIP UAS Test Tool 3.2 (http://www.codenomicon.com/)
>> c=IN IP4 192.168.2.44
>> t=0 0
>> m=audio 49158 RTP/AVP 0
>> a=rtpmap:0 PCMU/8000
>>
>>
>> This causes a bad_alloc exception in ConnetionBase.cxx, so I've done a
>> patch to do some kind of check if size is reasonable.
>>
>> best regards
>> Björn
>>
>>
>> --- ConnectionBase.cxx.orig    2008-03-07 08:59:33.000000000 +0100
>> +++ ConnectionBase.cxx    2008-03-07 09:01:25.000000000 +0100
>> @@ -197,6 +197,8 @@
>>              {
>>                 // The message header is complete.
>>                 contentLength=mMessage->header 
>> (h_ContentLength).value();
>> +               if (contentLength > 65565)
>> +                  throw resip::ParseBuffer::Exception("unreasonable
>> length", "Content-Length", __FILE__, __LINE__);
>>              }
>>              catch(resip::ParseException& e)
>>              {
>> @@ -295,6 +297,8 @@
>>           try
>>           {
>>               contentLength = mMessage->header 
>> (h_ContentLength).value();
>> +             if (contentLength > 65565)
>> +                throw resip::ParseBuffer::Exception("unreasonable
>> length", "Content-Length", __FILE__, __LINE__);
>>           }
>>           catch(resip::ParseException& e)
>>           {
>>
>>
>>
>> -- 
>> This communication is confidential and intended solely for the  
>> addressee(s). Any unauthorized review, use, disclosure or  
>> distribution is prohibited. If you believe this message has been  
>> sent to you in error, please notify the sender by replying to this  
>> transmission and delete the message without disclosing it. Thank you.
>> E-mail including attachments is susceptible to data corruption,  
>> interruption, unauthorized amendment, tampering and viruses, and we  
>> only send and receive e-mails on the basis that we are not liable  
>> for any such corruption, interception, amendment, tampering or  
>> viruses or any consequences thereof.
>>
>> _______________________________________________
>> resiprocate-devel mailing list
>> resiprocate-devel at resiprocate.org
>> https://list.resiprocate.org/mailman/listinfo/resiprocate-devel
>

-- 
This communication is confidential and intended solely for the addressee(s). Any unauthorized review, use, disclosure or distribution is prohibited. If you believe this message has been sent to you in error, please notify the sender by replying to this transmission and delete the message without disclosing it. Thank you.
E-mail including attachments is susceptible to data corruption, interruption, unauthorized amendment, tampering and viruses, and we only send and receive e-mails on the basis that we are not liable for any such corruption, interception, amendment, tampering or viruses or any consequences thereof.

More information about the resiprocate-devel mailing list