Changeset 5693


Ignore:
Timestamp:
Nov 14, 2017 8:20:15 AM (6 years ago)
Author:
ming
Message:

Fixed #2063: Add more documentation in PJSIP's parser to prevent stack buffer overflow

Location:
pjproject/trunk
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • pjproject/trunk/pjlib-util/include/pjlib-util/scanner.h

    r4537 r5693  
    217217 
    218218/** 
    219  * Initialize the scanner. Note that the input string buffer must have 
    220  * length at least buflen+1 because the scanner will NULL terminate the 
    221  * string during initialization. 
     219 * Initialize the scanner. 
     220 * Note that the input string buffer MUST be NULL terminated and have 
     221 * length at least buflen+1 (buflen MUST NOT include the NULL terminator). 
    222222 * 
    223223 * @param scanner   The scanner to be initialized. 
    224  * @param bufstart  The input buffer to scan. Note that buffer[buflen] will be  
    225  *                  filled with NULL char until scanner is destroyed, so 
    226  *                  the actual buffer length must be at least buflen+1. 
     224 * @param bufstart  The input buffer to scan, which must be NULL terminated. 
    227225 * @param buflen    The length of the input buffer, which normally is 
    228  *                  strlen(bufstart). 
     226 *                  strlen(bufstart), hence not counting the NULL terminator. 
    229227 * @param options   Zero, or combination of PJ_SCAN_AUTOSKIP_WS or 
    230228 *                  PJ_SCAN_AUTOSKIP_WS_HEADER 
  • pjproject/trunk/pjlib-util/src/pjlib-util/scanner.c

    r4641 r5693  
    2323#include <pj/except.h> 
    2424#include <pj/os.h> 
     25#include <pj/log.h> 
    2526#include <pj/errno.h> 
    2627#include <pj/assert.h> 
     28 
     29#define THIS_FILE   "scanner.c" 
    2730 
    2831#define PJ_SCAN_IS_SPACE(c)             ((c)==' ' || (c)=='\t') 
     
    117120{ 
    118121    PJ_CHECK_STACK(); 
     122 
     123    /* Buffer validation. Must be NULL terminated. 
     124     * See ticket #2063. 
     125     */ 
     126    pj_assert(*scanner->end == 0); 
    119127 
    120128    scanner->begin = scanner->curptr = bufstart; 
  • pjproject/trunk/pjsip/include/pjsip/sip_parser.h

    r5682 r5693  
    197197/** 
    198198 * Parse an URI in the input and return the correct instance of URI. 
     199 * Note that the input string buffer MUST be NULL terminated and have 
     200 * length at least size+1 (size MUST NOT include the NULL terminator). 
    199201 * 
    200202 * @param pool          The pool to get memory allocations. 
     
    217219/** 
    218220 * Parse SIP status line. 
     221 * Note that the input string buffer MUST be NULL terminated and have 
     222 * length at least size+1 (size MUST NOT include the NULL terminator). 
    219223 * 
    220224 * @param buf           Text buffer to parse, which MUST be NULL terminated. 
     
    235239 * of the body. 
    236240 * 
     241 * Note that the input string buffer MUST be NULL terminated and have 
     242 * length at least size+1 (size MUST NOT include the NULL terminator). 
     243 * 
    237244 * @param pool          The pool to allocate memory. 
    238245 * @param buf           The input buffer, which MUST be NULL terminated. 
     
    257264 * This function is normally called by the transport layer. 
    258265 * 
     266 * Note that the input string buffer MUST be NULL terminated and have 
     267 * length at least size+1 (size MUST NOT include the NULL terminator). 
     268 * 
    259269 * @param buf           The input buffer, which MUST be NULL terminated. 
    260270 * @param size          The length of the string (not counting NULL terminator). 
     
    270280 * Check incoming packet to see if a (probably) valid SIP message has been  
    271281 * received. 
     282 * Note that the input string buffer MUST be NULL terminated. 
    272283 * 
    273284 * @param buf           The input buffer, which must be NULL terminated. 
     
    288299 * This function parses the content of a header (ie. part after colon) according 
    289300 * to the expected name, and will return the correct instance of header. 
     301 * 
     302 * Note that the input string buffer MUST be NULL terminated and have 
     303 * length at least size+1 (size MUST NOT include the NULL terminator).  
    290304 * 
    291305 * @param pool          Pool to allocate memory for the header. 
     
    315329 * is optional for the last header. 
    316330 * 
     331 * Note that the input string buffer MUST be NULL terminated and have 
     332 * length at least size+1 (size MUST NOT include the NULL terminator). 
     333 * 
    317334 * @param pool          The pool. 
    318335 * @param input         The input text to parse, which must be NULL terminated. 
    319  * @param size          The text length. 
     336 * @param size          The text length (not counting NULL terminator). 
    320337 * @param hlist         The header list to store the parsed headers. 
    321338 *                      This list must have been initialized before calling  
  • pjproject/trunk/pjsip/src/pjsip/sip_multipart.c

    r5594 r5693  
    663663            if (*(end_body-1) == '\n') 
    664664                --end_body; 
    665             if (*(end_body-1) == '\r') 
     665            if (end_body > start_body && *(end_body-1) == '\r') 
    666666                --end_body; 
    667667        } 
Note: See TracChangeset for help on using the changeset viewer.