pjsip: prevent memory corruption on creation of xml bodies

ASTERISK-26776 #close Change-Id: I884b6f4e8233a355d0be687ec78d41bc0e4d3fd2
author: Joshua Elson <joshelson@gmail.com> 2017-03-13 14:21:23 -0600
committer: Joshua Elson <joshelson@gmail.com> 2017-03-21 08:26:04 -0600
commit: 91c97b5da5fd7008b8a5f90565ba26d72c014d9f (patch)
tree: 48b129cde7395219efd072b020717e43db25e159
parent: 8386a38e06d661c13b5dd581ab829ff5a8762f54 (diff)
1 files changed, 24 insertions, 0 deletions
diff --git a/third-party/pjproject/patches/0025-fix-print-xml-crash.patch b/third-party/pjproject/patches/0025-fix-print-xml-crash.patch
new file mode 100644
index 000000000..eafc38906
--- /dev/null
+++ b/third-party/pjproject/patches/0025-fix-print-xml-crash.patch
@@ -0,0 +1,24 @@
+From 1bc5ca699f523bd8e910203a3eb4dee58f366976 Mon Sep 17 00:00:00 2001
+From: Joshua Elson <joshelson@gmail.com>
+Date: Mon, 20 Mar 2017 19:28:47 -0600
+Subject: [PATCH] Prevent memory corruption on xml tag write
+
+---
+ pjlib-util/src/pjlib-util/xml.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/pjlib-util/src/pjlib-util/xml.c b/pjlib-util/src/pjlib-util/xml.c
+index 296b232..b0aad26 100644
+--- a/pjlib-util/src/pjlib-util/xml.c
++++ b/pjlib-util/src/pjlib-util/xml.c
+@@ -248,6 +248,7 @@ static int xml_print_node( const pj_xml_node *node, int indent,
+     if (node->content.slen==0 &&
+ 	node->node_head.next==(pj_xml_node*)&node->node_head)
+     {
++	if (SIZE_LEFT() < 3) return -1;
+ 	*p++ = ' ';
+ 	*p++ = '/';
+ 	*p++ = '>';
+-- 
+2.10.1 (Apple Git-78)
+
author	Joshua Elson <joshelson@gmail.com>	2017-03-13 14:21:23 -0600
committer	Joshua Elson <joshelson@gmail.com>	2017-03-21 08:26:04 -0600
commit	91c97b5da5fd7008b8a5f90565ba26d72c014d9f (patch)
tree	48b129cde7395219efd072b020717e43db25e159
parent	8386a38e06d661c13b5dd581ab829ff5a8762f54 (diff)