From 988e55c13f264d06cf72bdc0fc474e96d64abe8c Mon Sep 17 00:00:00 2001 From: "Kevin P. Fleming" Date: Wed, 12 Mar 2008 19:16:07 +0000 Subject: [PATCH] if we receive an INVITE with a Content-Length that is not a valid number, or is zero, then don't process the rest of the message body looking for an SDP closes issue #11475 Reported by: andrebarbosa git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@108086 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- channels/chan_sip.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/channels/chan_sip.c b/channels/chan_sip.c index 113fe95185..cf8a78e949 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -4856,6 +4856,7 @@ static void parse_request(struct sip_request *req) static int find_sdp(struct sip_request *req) { const char *content_type; + const char *content_length; const char *search; char *boundary; unsigned int x; @@ -4863,6 +4864,20 @@ static int find_sdp(struct sip_request *req) int found_application_sdp = FALSE; int found_end_of_headers = FALSE; + content_length = get_header(req, "Content-Length"); + + if (!ast_strlen_zero(content_length)) { + if (sscanf(content_length, "%ud", &x) != 1) { + ast_log(LOG_WARNING, "Invalid Content-Length: %s\n", content_length); + return 0; + } + + /* Content-Length of zero means there can't possibly be an + SDP here, even if the Content-Type says there is */ + if (x == 0) + return 0; + } + content_type = get_header(req, "Content-Type"); /* if the body contains only SDP, this is easy */