![(please configure the [header_logo] section in trac.ini)](/repos/chrome/site/pj.jpg)
Opened 7 years ago
Last modified 7 years ago
#2016 closed defect
Buffer overrun in PJSIP transaction layer — at Initial Version
| Reported by: | ming | Owned by: | bennylp |
|---|---|---|---|
| Priority: | normal | Milestone: | release-2.7 |
| Component: | pjsip | Version: | trunk |
| Keywords: | Cc: | ||
| Backport to 1.x milestone: | Backported: | no |
Description
A crash can happen if PJSIP receives a message with a specific CSeq header and a Via header with no branch parameter. The issue is that the PJSIP RFC 2543 transaction key generation algorithm does not allocate a large enough buffer. By overrunning the buffer, the memory allocation table becomes corrupted, leading to an eventual crash.
Note: See
TracTickets for help on using
tickets.
