diff --git a/debian/patches/series b/debian/patches/series
index ba034b6aa..6c87349f4 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -32,6 +32,7 @@ sipwise/sca-fix-notify-after-bye.patch
 sipwise/sca-add-pai_avp-parameter.patch
 ## upstream 5.8
 upstream/sca-reserve-subscription.rr.s-separately-since-it-co.patch
+upstream/core_tcp_read_check_for_first_msrp_line.patch
 ## upstream master
 upstream/rtpengine_rework_rtpp_flags.patch
 upstream/cfgutils-expose-optional-second-string-key-for-lock.patch
diff --git a/debian/patches/upstream/core_tcp_read_check_for_first_msrp_line.patch b/debian/patches/upstream/core_tcp_read_check_for_first_msrp_line.patch
new file mode 100644
index 000000000..8fc9a9dfa
--- /dev/null
+++ b/debian/patches/upstream/core_tcp_read_check_for_first_msrp_line.patch
@@ -0,0 +1,36 @@
+--- a/src/core/tcp_read.c
++++ b/src/core/tcp_read.c
+@@ -1036,11 +1036,31 @@ int tcp_read_headers(struct tcp_connecti
+ /* locate transaction id in first line
+ * -- first line exists, that's why we are here */
+ mfline = q_memchr(r->start, '\n', r->pos - r->start);
+- mtransid.s = q_memchr(
+- r->start + 5 /* 'MSRP ' */, ' ', mfline - r->start);
++ if(mfline == NULL || mfline - r->start < 8) {
++ r->error = TCP_READ_ERROR;
++ r->state = H_SKIP; /* skip now */
++ goto skip;
++ }
++ mtransid.s = q_memchr(r->start + 5 /* 'MSRP ' */, ' ',
++ mfline - r->start - 5);
++ if(mtransid.s == NULL) {
++ r->error = TCP_READ_ERROR;
++ r->state = H_SKIP; /* skip now */
++ goto skip;
++ }
+ mtransid.len = mtransid.s - r->start - 5;
++ if(mtransid.len <= 0) {
++ r->error = TCP_READ_ERROR;
++ r->state = H_SKIP; /* skip now */
++ goto skip;
++ }
+ mtransid.s = r->start + 5;
+ trim(&mtransid);
++ if(mtransid.len <= 0) {
++ r->error = TCP_READ_ERROR;
++ r->state = H_SKIP; /* skip now */
++ goto skip;
++ }
+ if(memcmp(mtransid.s,
+ p - 1 /*\r*/ - 1 /* '+'|'#'|'$' */
+ - mtransid.len,
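Review bot: None of the four rejection branches added to tcp_read_headers logs anything in the visible lines, so unless the `skip` path (outside this hunk) reports it, a peer sending malformed MSRP first lines over TCP is dropped without leaving a trace for operators; one log line naming the failed check before `goto skip` would make these rejects observable. The same three statements (`r->error = TCP_READ_ERROR; r->state = H_SKIP; goto skip;`) are repeated four times and could share one exit path so the branches cannot drift apart. The threshold in `mfline - r->start < 8` is unexplained, and the retained comment `-- first line exists, that's why we are here` now sits directly above a NULL check that contradicts it; a comment such as `/* shortest accepted first line: 'MSRP ' + transaction id + ' ' + method */` would help, if that is what 8 is meant to cover. The new patch file also begins directly at `--- a/src/core/tcp_read.c` with no header naming the upstream commit it was taken from, which makes the backport harder to audit later. The function body starts and ends outside the hunk, so the bounds of `p - 2 - mtransid.len` in the following `memcmp` cannot be confirmed from here.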