From 15f8b9b8bfe340441950a67b16b3b5b74cc7d15e Mon Sep 17 00:00:00 2001 From: Sean Bright Date: Sun, 31 Dec 2017 11:26:54 -0500 Subject: ice: Increase foundation buffer size MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Per RFC 5245, the foundation specified with an ICE candidate can be up to 32 characters but we are only allowing for 31. ASTERISK-27498 #close Reported by: Michele PrĂ  Change-Id: I05ce7a5952721a76a2b4c90366168022558dc7cf
---
channels/chan_sip.c | 4 ++-- main/sdp_state.c | 4 ++-- res/res_pjsip_sdp_rtp.c | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index ed94948a4..e204f0053 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -11343,7 +11343,7 @@ static int process_sdp_a_ice(const char *a, struct sip_pvt *p, struct ast_rtp_in
 {
 struct ast_rtp_engine_ice *ice;
 int found = FALSE;
- char ufrag[256], pwd[256], foundation[32], transport[4], address[46], cand_type[6], relay_address[46] = "";
+ char ufrag[256], pwd[256], foundation[33], transport[4], address[46], cand_type[6], relay_address[46] = "";
 struct ast_rtp_engine_ice_candidate candidate = { 0, };
 unsigned int port, relay_port = 0;
@@ -11357,7 +11357,7 @@ static int process_sdp_a_ice(const char *a, struct sip_pvt *p, struct ast_rtp_in
 } else if (sscanf(a, "ice-pwd: %255s", pwd) == 1) {
 ice->set_authentication(instance, NULL, pwd);
 found = TRUE;
- } else if (sscanf(a, "candidate: %31s %30u %3s %30u %23s %30u typ %5s %*s %23s %*s %30u", foundation, &candidate.id, transport, (unsigned *)&candidate.priority,
+ } else if (sscanf(a, "candidate: %32s %30u %3s %30u %23s %30u typ %5s %*s %23s %*s %30u", foundation, &candidate.id, transport, (unsigned *)&candidate.priority,
 address, &port, cand_type, relay_address, &relay_port) >= 7) {
 if (rtcp_mux_offered && ast_test_flag(&p->flags[2], SIP_PAGE3_RTCP_MUX) && candidate.id > 1) {
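Review bot: The size in `foundation[33]` and the `%32s` width in the sscanf() call of the following hunk are two separate literals that must stay exactly one apart, and nothing at the declaration says so; the off-by-one this commit corrects came from that pairing. A comment on the declaration would document it, for example `/* RFC 5245 foundation: up to 32 chars + NUL; keep in step with the %32s width below */`. The same pair of literals appears in main/sdp_state.c and res/res_pjsip_sdp_rtp.c, so a shared named constant for the length would keep the three parsers from drifting apart. process_sdp_a_ice() continues outside the hunk.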
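Review bot: The candidate format still reads the connection address and the relay address with `%23s`, although `address` and `relay_address` are declared as 46-byte buffers in the previous hunk, so an IPv6 address whose text is longer than 23 characters is cut short. The remainder is then left for the `%30u` port conversion, which most likely makes the candidate fail the `>= 7` check or parse with wrong fields. Widening both conversions to the buffer size, `%45s ... %*s %45s`, keeps every write bounded and accepts full-length IPv6 text. The relay-address conversion in main/sdp_state.c and res/res_pjsip_sdp_rtp.c is also `%23s` while the address conversion there is `%46s`; in res_pjsip_sdp_rtp.c the relay buffer is `PJ_INET6_ADDRSTRLEN + 1` bytes, while in sdp_state.c its declaration is outside the hunk and should be checked before widening.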
diff --git a/main/sdp_state.c b/main/sdp_state.c
index bccde612a..5f9ad5eb9 100644
--- a/main/sdp_state.c
+++ b/main/sdp_state.c
@@ -2171,7 +2171,7 @@ static void update_ice(const struct ast_sdp_state *state, struct ast_rtp_instanc
 /* Find all of the candidates */
 for (attr_i = 0; attr_i < ast_sdp_m_get_a_count(remote_m_line); ++attr_i) {
- char foundation[32];
+ char foundation[33];
 char transport[32];
 char address[INET6_ADDRSTRLEN + 1];
 char cand_type[6];
@@ -2187,7 +2187,7 @@ static void update_ice(const struct ast_sdp_state *state, struct ast_rtp_instanc
 continue;
 }
- if (sscanf(attr->value, "%31s %30u %31s %30u %46s %30u typ %5s %*s %23s %*s %30u",
+ if (sscanf(attr->value, "%32s %30u %31s %30u %46s %30u typ %5s %*s %23s %*s %30u",
 foundation, &candidate.id, transport, (unsigned *)&candidate.priority, address, &port, cand_type, relay_address, &relay_port) < 7) {
 /* Candidate did not parse properly */
diff --git a/res/res_pjsip_sdp_rtp.c b/res/res_pjsip_sdp_rtp.c
index 854ed1459..9e0411903 100644
--- a/res/res_pjsip_sdp_rtp.c
+++ b/res/res_pjsip_sdp_rtp.c
@@ -627,7 +627,7 @@ static void process_ice_attributes(struct ast_sip_session *session, struct ast_s
 /* Find all of the candidates */
 for (attr_i = 0; attr_i < remote_stream->attr_count; ++attr_i) {
- char foundation[32], transport[32], address[PJ_INET6_ADDRSTRLEN + 1], cand_type[6], relay_address[PJ_INET6_ADDRSTRLEN + 1] = "";
+ char foundation[33], transport[32], address[PJ_INET6_ADDRSTRLEN + 1], cand_type[6], relay_address[PJ_INET6_ADDRSTRLEN + 1] = "";
 unsigned int port, relay_port = 0;
 struct ast_rtp_engine_ice_candidate candidate = { 0, };
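Review bot: `(unsigned *)&candidate.priority` in the second main/sdp_state.c hunk hands sscanf() a cast pointer, so `%30u` stores an `unsigned int` into a field whose declared type is not visible here; if that field is ever not int-sized, the store would overwrite neighbouring members of `candidate` and the cast would hide the compiler warning. Reading into a local and assigning after the field-count check avoids the cast: declare `unsigned int priority;`, pass `&priority`, then `candidate.priority = priority;`. The same cast is used in the sscanf() calls in channels/chan_sip.c and res/res_pjsip_sdp_rtp.c. update_ice() starts and ends outside the hunk.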
@@ -640,7 +640,7 @@ static void process_ice_attributes(struct ast_sip_session *session, struct ast_s
 ast_copy_pj_str(attr_value, (pj_str_t*)&attr->value, sizeof(attr_value));
- if (sscanf(attr_value, "%31s %30u %31s %30u %46s %30u typ %5s %*s %23s %*s %30u", foundation, &candidate.id, transport,
+ if (sscanf(attr_value, "%32s %30u %31s %30u %46s %30u typ %5s %*s %23s %*s %30u", foundation, &candidate.id, transport,
 (unsigned *)&candidate.priority, address, &port, cand_type, relay_address, &relay_port) < 7) {
 /* Candidate did not parse properly */
 continue;
-- cgit v1.2.3