diff options
author | Richard Mudgett <rmudgett@digium.com> | 2015-08-10 18:23:02 -0500 |
---|---|---|
committer | Richard Mudgett <rmudgett@digium.com> | 2015-08-11 13:49:25 -0500 |
commit | c126afe18f9073f3ee74e45f574da421131b9fa2 (patch) | |
tree | 1991f4937dacffb5f118940ad0b296720a359447 /res | |
parent | 47d9ff1741118d5594c8500dfc5b048b5e04d8a0 (diff) |
res_pjsip.c: Fix crash from corrupt saved SUBSCRIBE message.
If the saved SUBSCRIBE message is not parseable for whatever reason then
Asterisk could crash when libpjsip tries to parse the message and adds an
error message to the parse error list.
* Made ast_sip_create_rdata() initialize the parse error rdata list. The
list is checked after parsing to see that it remains empty for the
function to return successful.
ASTERISK-25306
Reported by Mark Michelson
Change-Id: Ie0677f69f707503b1a37df18723bd59418085256
Diffstat (limited to 'res')
-rw-r--r-- | res/res_pjsip.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/res/res_pjsip.c b/res/res_pjsip.c index 405ac6838..76d013c1c 100644 --- a/res/res_pjsip.c +++ b/res/res_pjsip.c @@ -2649,6 +2649,12 @@ int ast_sip_create_rdata(pjsip_rx_data *rdata, char *packet, const char *src_nam { pj_str_t tmp; + /* + * Initialize the error list in case there is a parse error + * in the given packet. + */ + pj_list_init(&rdata->msg_info.parse_err); + rdata->tp_info.transport = PJ_POOL_ZALLOC_T(rdata->tp_info.pool, pjsip_transport); if (!rdata->tp_info.transport) { return -1; @@ -2659,7 +2665,7 @@ int ast_sip_create_rdata(pjsip_rx_data *rdata, char *packet, const char *src_nam rdata->pkt_info.src_port = src_port; pjsip_parse_rdata(packet, strlen(packet), rdata); - if (!rdata->msg_info.msg) { + if (!rdata->msg_info.msg || !pj_list_empty(&rdata->msg_info.parse_err)) { return -1; } |