1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
|
This patch updates array limit checks and docs
in pjsip_evsub_register_pkg() and pjsip_endpt_add_capability().
Index: pjsip/include/pjsip/sip_endpoint.h
===================================================================
--- a/pjsip/include/pjsip/sip_endpoint.h (revision 5396)
+++ b/pjsip/include/pjsip/sip_endpoint.h (revision 5397)
@@ -583,7 +583,8 @@
* @param hname If htype specifies PJSIP_H_OTHER, then the header name
* must be supplied in this argument. Otherwise the value
* must be set to NULL.
- * @param count The number of tags in the array.
+ * @param count The number of tags in the array. The value must not
+ * be greater than PJSIP_GENERIC_ARRAY_MAX_COUNT.
* @param tags Array of tags describing the capabilities or extensions
* to be added to the appropriate header.
*
Index: pjsip/include/pjsip-simple/evsub.h
===================================================================
--- a/pjsip/include/pjsip-simple/evsub.h (revision 5396)
+++ b/pjsip/include/pjsip-simple/evsub.h (revision 5397)
@@ -246,7 +246,8 @@
* registered.
* @param event_name Event package identification.
* @param expires Default subscription expiration time, in seconds.
- * @param accept_cnt Number of strings in Accept array.
+ * @param accept_cnt Number of strings in Accept array. The value must
+ * not be greater than PJSIP_GENERIC_ARRAY_MAX_COUNT.
* @param accept Array of Accept value.
*
* @return PJ_SUCCESS on success.
Index: pjsip/src/pjsip/sip_endpoint.c
===================================================================
--- a/pjsip/src/pjsip/sip_endpoint.c (revision 5396)
+++ b/pjsip/src/pjsip/sip_endpoint.c (revision 5397)
@@ -371,6 +371,7 @@
/* Check arguments. */
PJ_ASSERT_RETURN(endpt!=NULL && count>0 && tags, PJ_EINVAL);
+ PJ_ASSERT_RETURN(count <= PJSIP_GENERIC_ARRAY_MAX_COUNT, PJ_ETOOMANY);
PJ_ASSERT_RETURN(htype==PJSIP_H_ACCEPT ||
htype==PJSIP_H_ALLOW ||
htype==PJSIP_H_SUPPORTED,
Index: pjsip/src/pjsip-simple/evsub.c
===================================================================
--- a/pjsip/src/pjsip-simple/evsub.c (revision 5396)
+++ b/pjsip/src/pjsip-simple/evsub.c (revision 5397)
@@ -412,7 +412,9 @@
unsigned i;
PJ_ASSERT_RETURN(pkg_mod && event_name, PJ_EINVAL);
- PJ_ASSERT_RETURN(accept_cnt < PJ_ARRAY_SIZE(pkg->pkg_accept->values),
+
+ /* Make sure accept_cnt < PJ_ARRAY_SIZE(pkg->pkg_accept->values) */
+ PJ_ASSERT_RETURN(accept_cnt <= PJSIP_GENERIC_ARRAY_MAX_COUNT,
PJ_ETOOMANY);
/* Make sure evsub module has been initialized */
|