[reSIProcate] [PATCH] Reject connection with empty address

Nir Soffer nirs at hyperms.com
Thu Feb 2 15:11:56 CST 2012


This patch fixes a random crash when an SDP with an empty address is received.

We have seen random crashes in the field and can reproduce them using this
SDP:

v=0
o=- 2529516958 2458138078 IN IP4
s=VoipSIP
c=IN IP4
t=0 0
m=audio 0 RTP/AVP

When testing this in a debug build, we get an empty address as expected.
However, in a real application (optimized build), we get random crashes
when handling this SDP.

The crashes usually happen in resip::Data::c_str.

Looking at core dumps, we see that mBuf is NULL or points to some unrelated
static error string ("double free ..."). mSize is some random huge value
(e.g. 138456879) and mMine has invalid huge values instead of the 3
possible enum values (e.g. resip::Data::Share).

We tried to fix the crashes by checking if the SDP is well formed and found
that the parser does not detect the empty address.

The attached patch fixes the parser to reject an empty address.

Best regards,
Nir Soffer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: reject-empty-address.patch
Type: text/x-patch
Size: 1875 bytes
Desc: not available
URL: <http://list.resiprocate.org/pipermail/resiprocate-devel/attachments/20120202/a0503526/attachment.bin>
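
The check the message describes (rejecting an `o=` or `c=` line that ends without an address), as an added example that is neither the attached patch nor reSIProcate code: it counts the fields RFC 4566 requires on those two line types. The function names and the well-formed sample SDP are assumptions made for this example.

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// SDP body from the report above (o= and c= end after the address type).
const std::string kReportedSdp =
    "v=0\r\no=- 2529516958 2458138078 IN IP4 \r\ns=VoipSIP\r\n"
    "c=IN IP4 \r\nt=0 0\r\nm=audio 0 RTP/AVP\r\n";
// Constructed well-formed counterpart; 192.0.2.10 is a documentation address.
const std::string kCompleteSdp =
    "v=0\r\no=- 2529516958 2458138078 IN IP4 192.0.2.10\r\ns=VoipSIP\r\n"
    "c=IN IP4 192.0.2.10\r\nt=0 0\r\nm=audio 0 RTP/AVP\r\n";

// Count whitespace-separated fields; trailing blanks never yield a field.
static std::size_t fieldCount(const std::string& value) {
    std::istringstream in(value);
    std::string field;
    std::size_t n = 0;
    while (in >> field) ++n;
    return n;
}

// RFC 4566: "c=" carries 3 fields and "o=" carries 6, the address being the
// last one, so a missing address is a short count. Other line types pass.
bool addressLineIsComplete(const std::string& line) {
    if (line.size() < 2 || line[1] != '=') return false;
    if (line[0] == 'c') return fieldCount(line.substr(2)) == 3;
    if (line[0] == 'o') return fieldCount(line.substr(2)) == 6;
    return true;
}

// Return the 1-based numbers of the lines a strict parser should reject.
std::vector<int> findIncompleteAddressLines(const std::string& sdp) {
    std::vector<int> bad;
    std::istringstream in(sdp);
    std::string line;
    for (int n = 1; std::getline(in, line); ++n) {
        if (!line.empty() && line.back() == '\r') line.pop_back();
        if (!line.empty() && !addressLineIsComplete(line)) bad.push_back(n);
    }
    return bad;
}

int main() {
    for (int n : findIncompleteAddressLines(kReportedSdp))
        std::cout << "reject: line " << n << " is an incomplete o=/c= line\n";
    return findIncompleteAddressLines(kCompleteSdp).empty() ? 0 : 1;
}
```

Rejecting the body at this point means no later code has to handle an address field that was never parsed.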