![(please configure the [header_logo] section in trac.ini)](/repos/chrome/site/pj.jpg)
#2063 closed enhancement (fixed)
Add more documentation in PJSIP's parser to prevent stack buffer overflow — at Version 4
| Reported by: | ming | Owned by: | bennylp |
|---|---|---|---|
| Priority: | normal | Milestone: | release-2.8 |
| Component: | pjsip | Version: | trunk |
| Keywords: | Cc: | ||
| Backport to 1.x milestone: | Backported: | no |
Description (last modified by ming)
This ticket will add more documentation in the description of the APIs in pjsip's sip_parser.c, in particular the requirement that the buffer must be NULL terminated and the size parameter must not include the NULL terminator.
Also in the ticket:
- Modify the spec of pjlib-util's scanner. Originally, the spec said that the scanner will add the NULL terminator right AFTER the end of the buffer, however it turns out that the current implementation didn't do that, probably for a good reason, i.e. to avoid buffer overwrite. So, we change the spec instead, to require that the input buffer passed to the scanner needs to be NULL terminated by app.
- Add robustness check in sip_multipart to prevent buffer overflow
Change History (4)
comment:1 Changed 7 years ago by ming
- Description modified (diff)
comment:2 Changed 7 years ago by ming
- Resolution set to fixed
- Status changed from new to closed
comment:3 Changed 7 years ago by ming
In 5695:
comment:4 Changed 7 years ago by ming
- Description modified (diff)
Note: See
TracTickets for help on using
tickets.
In 5693: