From 880c69f00fcaebaaa107f2a4891b34ff8b2534fb Mon Sep 17 00:00:00 2001
From: Kevin Harwell
Date: Wed, 31 Jan 2018 13:37:54 -0600
Subject: AST-2018-003: Crash with an invalid SDP fmtp attribute
pjproject's fmtp retrieval function failed to catch invalid fmtp attributes. Because of this Asterisk would crash if given an SDP with an invalid fmtp attribute. When retrieving the format this patch now makes sure the fmtp attribute is available. If not available it now returns an error status.
ASTERISK-27583 #close
Change-Id: I5cebe000ce2d846cae3af33b6d72c416e51caf2f
---
.../pjproject/patches/0071-sdp_fmtp_attr.patch | 34 ++++++++++++++++++++++
1 file changed, 34 insertions(+)
create mode 100644 third-party/pjproject/patches/0071-sdp_fmtp_attr.patch
(limited to 'third-party/pjproject/patches')
diff --git a/third-party/pjproject/patches/0071-sdp_fmtp_attr.patch b/third-party/pjproject/patches/0071-sdp_fmtp_attr.patch
new file mode 100644
index 000000000..8228d5dd6
--- /dev/null
+++ b/third-party/pjproject/patches/0071-sdp_fmtp_attr.patch
@@ -0,0 +1,34 @@
+diff --git a/pjmedia/src/pjmedia/sdp.c b/pjmedia/src/pjmedia/sdp.c
+index a3dd80b..6117e07 100644
+--- a/pjmedia/src/pjmedia/sdp.c
++++ b/pjmedia/src/pjmedia/sdp.c
+@@ -256,7 +256,8 @@ PJ_DEF(pj_status_t) pjmedia_sdp_attr_get_rtpmap( const pjmedia_sdp_attr *attr,
+
+ PJ_ASSERT_RETURN(pj_strcmp2(&attr->name, "rtpmap")==0, PJ_EINVALIDOP);
+
+- PJ_ASSERT_RETURN(attr->value.slen != 0, PJMEDIA_SDP_EINATTR);
++ if (attr->value.slen == 0)
++ return PJMEDIA_SDP_EINATTR;
+
+ init_sdp_parser();
+
+@@ -341,6 +342,9 @@ PJ_DEF(pj_status_t) pjmedia_sdp_attr_get_fmtp( const pjmedia_sdp_attr *attr,
+
+ PJ_ASSERT_RETURN(pj_strcmp2(&attr->name, "fmtp")==0, PJ_EINVALIDOP);
+
++ if (attr->value.slen == 0)
++ return PJMEDIA_SDP_EINATTR;
++
+ /* fmtp BNF:
+ * a=fmtp:
+ */
+@@ -379,6 +383,9 @@ PJ_DEF(pj_status_t) pjmedia_sdp_attr_get_rtcp(const pjmedia_sdp_attr *attr,
+
+ PJ_ASSERT_RETURN(pj_strcmp2(&attr->name, "rtcp")==0, PJ_EINVALIDOP);
+
++ if (attr->value.slen == 0)
++ return PJMEDIA_SDP_EINATTR;
++
+ init_sdp_parser();
+
+ /* fmtp BNF:
-- cgit v1.2.3
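Review bot: The three added `if (attr->value.slen == 0)` checks in pjmedia_sdp_attr_get_rtpmap, pjmedia_sdp_attr_get_fmtp and pjmedia_sdp_attr_get_rtcp carry no comment saying why they are plain runtime checks rather than `PJ_ASSERT_RETURN`. The name check directly above each one still uses the macro, and the rtpmap hunk shows that same macro form being removed for the length test, so a later consistency cleanup could plausibly turn them back into assertions. I would add above each check `/* Value comes from the remote SDP: reject at runtime, never assert. */`. The check covers only an empty value; whether a non-empty but malformed value is rejected depends on the parsing code that follows, which lies outside all three inner hunks. Judging by its path, this patch file applies only to the bundled pjproject tree, so builds linked against an external pjproject presumably need the equivalent fix in that library.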