Browse code

parser: safety check for max port length in URI

- can't be longer than 5, a port being 16b value
- reported by Kevin Wojtysiak

Daniel-Constantin Mierla authored on 08/04/2013 22:18:35
Showing 1 changed files
... ...
@@ -1222,6 +1222,10 @@ int parse_uri(char* buf, int len, struct sip_uri* uri)
1222 1222
 			goto error_bad_uri;
1223 1223
 			break; /* do nothing, avoids a compilation warning */
1224 1224
 	}
1225
+
1226
+	if(uri->port.len>5)
1227
+		goto error_invalid_port;
1228
+
1225 1229
 #ifdef EXTRA_DEBUG
1226 1230
 	/* do stuff */
1227 1231
 	DBG("parsed uri:\n type=%d user=<%.*s>(%d)\n passwd=<%.*s>(%d)\n"
... ...
@@ -1285,6 +1289,10 @@ error_bad_port:
1285 1289
 		*p, state, (int)(p-buf), ZSW(buf), (int)(p-buf),
1286 1290
 		len, ZSW(buf), len);
1287 1291
 	goto error_exit;
1292
+error_invalid_port:
1293
+	DBG("parse_uri: bad port in uri: [%.*s] in <%.*s>\n",
1294
+			uri->port.len, uri->port.s, len, ZSW(buf));
1295
+	goto error_exit;
1288 1296
 error_bad_uri:
1289 1297
 	DBG("parse_uri: bad uri,  state %d"
1290 1298
 		" parsed: <%.*s> (%d) / <%.*s> (%d)\n",