Ticket #2063 (closed enhancement: fixed)

Opened 8 days ago

Last modified 5 days ago

Add more documentation throughout PJSIP to prevent stack buffer overflow

Reported by: ming
Owned by: bennylp
Priority: normal
Milestone: release-2.8
Component: pjsip
Version: trunk
Keywords:
Cc:
Backport to 1.x milestone:
Backported: no

Description (last modified by ming)

This ticket will add more documentation to the descriptions of the library's functions, such as the APIs in pjsip's sip_parser, SDP parser, and XML parser. In particular, the doc will clearly state the requirement that the buffer must be NULL terminated and that the size parameter must not include the NULL terminator.

Also in the ticket:

  • Modify the spec of pjlib-util's scanner. Originally, the spec said that the scanner will add the NULL terminator right AFTER the end of the buffer; however, it turns out that the current implementation doesn't do that, probably for a few good reasons, i.e. to avoid buffer overwrite, to prevent writing to a read-only buffer, and to avoid synchronization issues (when more than one thread processes the same buffer). So, we change the spec instead, to require that the application NULL-terminate the input buffer before passing it to the scanner.
  • There are a few instances in the library where we don't pass a NULL-terminated buffer to the scanner. This is intentional and should be safe because:
    • The buffer is part of a bigger, NULL-terminated buffer (for example, when parsing each line in the SDP).
    • We can take advantage of another character as the sentinel (such as newline).
  • Add a robustness check in sip_multipart to prevent buffer overflow.
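The following is an added example, not PJSIP's own code, that illustrates the calling contract the ticket documents: the scanner walks the buffer using the NULL terminator as its end sentinel and never consults the size, so the caller must terminate the buffer and pass a size that excludes the terminator. The functions (`check_terminated`, `count_header_lines`, `fill_terminated`, `parse_headers_safely`) are hypothetical stand-ins for the library's APIs, the inner line loop shows the newline-as-sentinel case the ticket mentions for sub-buffers, and the sample message is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return codes for the hypothetical parse entry point below. */
enum { PARSE_OK = 0, PARSE_ERR_NOT_TERMINATED = -1, PARSE_ERR_TOO_LARGE = -2 };

/* Contract check: `size` must exclude the terminator, so buf[size] must be '\0'.
 * A parser can run this before scanning instead of relying on the caller. */
int check_terminated(const char *buf, size_t size)
{
    return buf != NULL && buf[size] == '\0';
}

/* Toy scanner in the spirit of the ticket's description of pjlib-util's
 * scanner: it uses '\0' as the end-of-buffer sentinel and counts non-empty
 * lines until a blank line (end of a SIP header block). The inner loop scans
 * one line using '\n' as a second sentinel, which is why a line-sized
 * sub-buffer of a larger terminated buffer is safe without its own '\0'.
 * Note that `size` is never consulted: an unterminated buffer would be read
 * past its end. */
size_t count_header_lines(const char *buf)
{
    size_t lines = 0;
    const char *p = buf;
    while (*p != '\0') {
        const char *eol = p;
        while (*eol != '\0' && *eol != '\n')
            eol++;
        size_t len = (size_t)(eol - p);
        if (len > 0 && p[len - 1] == '\r')
            len--;                       /* tolerate CRLF line endings */
        if (len == 0)
            break;                       /* blank line ends the header block */
        lines++;
        p = (*eol == '\n') ? eol + 1 : eol;
    }
    return lines;
}

/* Fixed-size (e.g. stack) buffer pattern: copy at most cap-1 bytes so one
 * byte is always left for the terminator. Returns the payload length, which
 * is the value to pass as `size` to the parser. */
size_t fill_terminated(char *dst, size_t cap, const char *src, size_t n)
{
    if (cap == 0)
        return 0;
    size_t copy = (n < cap - 1) ? n : cap - 1;
    memcpy(dst, src, copy);
    dst[copy] = '\0';
    return copy;
}

/* Safe entry point for a length-delimited chunk (e.g. a datagram): copy it
 * into a fresh buffer with room for the terminator, verify the contract,
 * then hand it to the scanner. */
int parse_headers_safely(const char *data, size_t len, size_t *lines_out)
{
    if (len > 64 * 1024)                 /* constructed upper bound */
        return PARSE_ERR_TOO_LARGE;
    char *buf = malloc(len + 1);
    if (buf == NULL)
        return PARSE_ERR_TOO_LARGE;
    memcpy(buf, data, len);
    buf[len] = '\0';
    if (!check_terminated(buf, len)) {
        free(buf);
        return PARSE_ERR_NOT_TERMINATED;
    }
    *lines_out = count_header_lines(buf);
    free(buf);
    return PARSE_OK;
}

/* Convenience wrapper: header line count of a chunk, or 0 on any error. */
size_t header_lines_in_chunk(const char *data, size_t len)
{
    size_t n = 0;
    return parse_headers_safely(data, len, &n) == PARSE_OK ? n : 0;
}

/* Demonstrates the stack-buffer case: a 20-byte constructed chunk into an
 * 8-byte local buffer is truncated to 7 bytes plus the terminator. Returns
 * the payload length if the contract holds, -1 otherwise. */
int stack_buffer_demo(void)
{
    char local[8];
    const char chunk[] = "INVITE sip:a@b.c SIP"; /* 20 bytes, constructed */
    size_t got = fill_terminated(local, sizeof(local), chunk, sizeof(chunk) - 1);
    return check_terminated(local, got) ? (int)got : -1;
}

int main(void)
{
    /* Constructed SIP-like message: three header lines, blank line, body. */
    const char msg[] = "INVITE sip:bob@example.com SIP/2.0\r\nVia: x\r\nTo: bob\r\n\r\nbody";
    printf("header lines: %zu\n", header_lines_in_chunk(msg, sizeof(msg) - 1));
    printf("stack demo payload length: %d\n", stack_buffer_demo());
    return 0;
}
```

The design point is that `count_header_lines` has no length argument at all, mirroring a sentinel-driven scanner; every caller therefore goes through `fill_terminated` or `parse_headers_safely`, which are the only places that know the buffer's capacity and the only places that can guarantee the terminator.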

Change History

comment:1 Changed 8 days ago by ming

  • Description modified

comment:2 Changed 8 days ago by ming

  • Status changed from new to closed
  • Resolution set to fixed

In 5693:

Fixed #2063: Add more documentation in PJSIP's parser to prevent stack buffer overflow

comment:3 Changed 8 days ago by ming

In 5695:

Re #2063: Temporarily disable the assertion

comment:4 Changed 8 days ago by ming

  • Description modified

comment:5 Changed 7 days ago by ming

  • Description modified
  • Summary changed from Add more documentation in PJSIP's parser to prevent stack buffer overflow to Add more documentation throughout PJSIP to prevent stack buffer overflow

comment:6 Changed 5 days ago by ming

In 5697:

Re #2063: Add more doc in other parts of the library
