Module: kamailio Branch: master Commit: 3198b66aa5dbda1c6a03f46a610073671cbd5157 URL: https://github.com/kamailio/kamailio/commit/3198b66aa5dbda1c6a03f46a610073671cbd5157
Author: Daniel-Constantin Mierla <mico...@gmail.com> Committer: Daniel-Constantin Mierla <mico...@gmail.com> Date: 2025-01-23T11:52:29+01:00 core: more checks for extract_candidate() --- Modified: src/core/parser/sdp/sdp_helpr_funcs.c --- Diff: https://github.com/kamailio/kamailio/commit/3198b66aa5dbda1c6a03f46a610073671cbd5157.diff Patch: https://github.com/kamailio/kamailio/commit/3198b66aa5dbda1c6a03f46a610073671cbd5157.patch --- diff --git a/src/core/parser/sdp/sdp_helpr_funcs.c b/src/core/parser/sdp/sdp_helpr_funcs.c index 483cfdec70e..61022b6148f 100644 --- a/src/core/parser/sdp/sdp_helpr_funcs.c +++ b/src/core/parser/sdp/sdp_helpr_funcs.c @@ -314,7 +314,7 @@ int extract_candidate(str *body, sdp_stream_cell_t *stream) int len, fl; sdp_ice_attr_t *ice_attr; - if((body->len < 12) || (strncasecmp(body->s, "a=candidate:", 12) != 0)) { + if((body->len <= 12) || (strncasecmp(body->s, "a=candidate:", 12) != 0)) { /*LM_DBG("We are not pointing to an a=candidate: attribute =>`%.*s'\n", body->len, body->s); */ return -1; } @@ -332,6 +332,10 @@ int extract_candidate(str *body, sdp_stream_cell_t *stream) start = space + 1; len = len - (space - start + 1); + if(start + len > body->s + body->len) { + LM_ERR("no component in `a=candidate'\n"); + return -1; + } space = memchr(start, 32, len); if(space == NULL) { LM_ERR("no component in `a=candidate'\n"); _______________________________________________ Kamailio - Development Mailing List -- sr-dev@lists.kamailio.org To unsubscribe send an email to sr-dev-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender!
