#2063 closed enhancement (fixed)
Add more documentation throughout PJSIP to prevent stack buffer overflow
Reported by: | ming | Owned by: | bennylp |
---|---|---|---|
Priority: | normal | Milestone: | release-2.8 |
Component: | pjsip | Version: | trunk |
Keywords: | Cc: | ||
Backport to 1.x milestone: | Backported: | no |
Description (last modified by ming)
This ticket will add more documentation in the description of the library's functions, such as the APIs in pjsip's sip_parser, sdp parser, and xml parser. In particular, the doc will clearly state about the requirement that the buffer must be NULL terminated and the size parameter must not include the NULL terminator.
Also in the ticket:
- Modify the spec of pjlib-util's scanner. Originally, the spec said that the scanner will add the NULL terminator right AFTER the end of the buffer, however it turns out that the current implementation doesn't do that, probably for a few good reasons, i.e. to avoid buffer overwrite, prevent writing to a read-only buffer, and avoid synchronization issue (when more than one thread process the same buffer) . So, we change the spec instead, to require that the input buffer passed to the scanner to be NULL terminated by app.
- There are a few instances in the library where we don't pass NULL terminated buffer to the scanner. This is intentional and should be safe because:
- The buffer should be part of a bigger, NULL-terminated buffer (for example, when parsing each line in the SDP).
- We can take advantage of another character as the sentinel (such as newline).
- Add robustness check in sip_multipart to prevent buffer overflow
Change History (6)
comment:1 Changed 7 years ago by ming
- Description modified (diff)
comment:2 Changed 7 years ago by ming
- Resolution set to fixed
- Status changed from new to closed
comment:3 Changed 7 years ago by ming
In 5695:
comment:4 Changed 7 years ago by ming
- Description modified (diff)
comment:5 Changed 7 years ago by ming
- Description modified (diff)
- Summary changed from Add more documentation in PJSIP's parser to prevent stack buffer overflow to Add more documentation throughout PJSIP to prevent stack buffer overflow
comment:6 Changed 7 years ago by ming
In 5697:
Note: See
TracTickets for help on using
tickets.
In 5693: