summaryrefslogtreecommitdiff
path: root/include/asterisk/res_pjsip_presence_xml.h
diff options
context:
space:
mode:
authorRichard Mudgett <rmudgett@digium.com>2015-07-02 14:51:29 -0500
committerRichard Mudgett <rmudgett@digium.com>2015-07-06 16:15:12 -0500
commit7cd99be534945fffd5927554c9c4469454008d3c (patch)
treedd067111bae6b7adae9d8cbddb48b96664522600 /include/asterisk/res_pjsip_presence_xml.h
parent792ed7ce93205fc700b3923640fa023b34eff5cb (diff)
PJSIP XML, XPIDF: Fix buffer size overwrite memory corruption error.
When res_pjsip body generator modules were generating XML or XPIDF response bodies, there was a chance that the generated body would be the exact size of the supplied buffer. Adding the nul string terminator would then write beyond the end of the buffer and potentially corrupt memory. * Fix MALLOC_DEBUG high fence violations caused by adding a nul string terminator on the end of a buffer for XML or XPIDF response bodies. * Made calls to pj_xml_print() safer if the XML prolog is requested. Due to a bug in pjproject, the return value could be -1 _or_ AST_PJSIP_XML_PROLOG_LEN if the supplied buffer is not large enough. * Updated the doxygen comment of AST_PJSIP_XML_PROLOG_LEN to describe the return value of pj_xml_print() when the supplied buffer is not large enough. ASTERISK-25168 Reported by: Carl Fortin Change-Id: Id70e1d373a6a2b2bd9e678b5cbc5e55b308981de
Diffstat (limited to 'include/asterisk/res_pjsip_presence_xml.h')
-rw-r--r--include/asterisk/res_pjsip_presence_xml.h9
1 files changed, 5 insertions, 4 deletions
diff --git a/include/asterisk/res_pjsip_presence_xml.h b/include/asterisk/res_pjsip_presence_xml.h
index add5f8918..deed0901e 100644
--- a/include/asterisk/res_pjsip_presence_xml.h
+++ b/include/asterisk/res_pjsip_presence_xml.h
@@ -17,14 +17,15 @@
*/
/*!
- * \brief The length of the XML prolog when printing
- * presence or other XML in PJSIP.
+ * \brief Length of the XML prolog when printing presence or other XML in PJSIP.
*
* When calling any variant of pj_xml_print(), the documentation
* claims that it will return -1 if the provided buffer is not
* large enough. However, if the XML prolog is requested to be
- * printed, then the length of the XML prolog is returned upon
- * failure instead of -1.
+ * printed and the buffer is not large enough, then it will
+ * return -1 only if the buffer is not large enough to hold the
+ * XML prolog or return the length of the XML prolog on failure
+ * instead of -1.
*
* This constant is useful to check against when trying to determine
* if printing XML succeeded or failed.