From 52d5bb4baa1292e877ffcd1259e8f725f7c1eda7 Mon Sep 17 00:00:00 2001 From: kpfleming Date: Wed, 12 Mar 2008 19:16:07 +0000 Subject: [PATCH] if we receive an INVITE with a Content-Length that is not a valid number, or is zero, then don't process the rest of the message body looking for an SDP closes issue #11475 Reported by: andrebarbosa git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.4@108086 614ede4d-c843-0410-af14-a771ab80d22e --- channels/chan_sip.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/channels/chan_sip.c b/channels/chan_sip.c index 113fe9518..cf8a78e94 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -4856,6 +4856,7 @@ static void parse_request(struct sip_request *req) static int find_sdp(struct sip_request *req) { const char *content_type; + const char *content_length; const char *search; char *boundary; unsigned int x; @@ -4863,6 +4864,20 @@ static int find_sdp(struct sip_request *req) int found_application_sdp = FALSE; int found_end_of_headers = FALSE; + content_length = get_header(req, "Content-Length"); + + if (!ast_strlen_zero(content_length)) { + if (sscanf(content_length, "%ud", &x) != 1) { + ast_log(LOG_WARNING, "Invalid Content-Length: %s\n", content_length); + return 0; + } + + /* Content-Length of zero means there can't possibly be an + SDP here, even if the Content-Type says there is */ + if (x == 0) + return 0; + } + content_type = get_header(req, "Content-Type"); /* if the body contains only SDP, this is easy */ -- 2.11.4.GIT