From 7e7590add84c6f8ab76e3d67106ec0b7d21149e8 Mon Sep 17 00:00:00 2001
From: Nanang Izzuddin <nanang@teluu.com>
Date: Sat, 30 May 2009 10:17:55 +0000
Subject: Ticket #862: Updated validations of SRTP crypto attribute.

git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@2726 74dad513-b988-da41-8d7b-12977e46ad98
---
 pjmedia/src/pjmedia/transport_srtp.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

(limited to 'pjmedia/src')

diff --git a/pjmedia/src/pjmedia/transport_srtp.c b/pjmedia/src/pjmedia/transport_srtp.c
index cd9fb734..1a270245 100644
--- a/pjmedia/src/pjmedia/transport_srtp.c
+++ b/pjmedia/src/pjmedia/transport_srtp.c
@@ -22,6 +22,7 @@
 #include <pjmedia/endpoint.h>
 #include <pjlib-util/base64.h>
 #include <pj/assert.h>
+#include <pj/ctype.h>
 #include <pj/lock.h>
 #include <pj/log.h>
 #include <pj/os.h>
@@ -980,6 +981,7 @@ static pj_status_t parse_attr_crypto(pj_pool_t *pool,
 {
     pj_str_t input;
     char *token;
+    int token_len;
     pj_str_t tmp;
     pj_status_t status;
     int itmp;
@@ -993,10 +995,20 @@ static pj_status_t parse_attr_crypto(pj_pool_t *pool,
 	PJ_LOG(4,(THIS_FILE, "Attribute crypto expecting tag"));
 	return PJMEDIA_SDP_EINATTR;
     }
-    *tag = atoi(token);
-    if (*tag == 0)
+    token_len = pj_ansi_strlen(token);
+
+    /* Tag must not use leading zeroes. */
+    if (token_len > 1 && *token == '0')
 	return PJMEDIA_SDP_EINATTR;
 
+    /* Tag must be decimal, i.e: contains only digit '0'-'9'. */
+    for (itmp = 0; itmp < token_len; ++itmp)
+	if (!pj_isdigit(token[itmp]))
+	    return PJMEDIA_SDP_EINATTR;
+
+    /* Get tag value. */
+    *tag = atoi(token);
+
     /* Crypto-suite */
     token = strtok(NULL, " ");
     if (!token) {
-- 
cgit v1.2.3