From 7369d96f8361c523a7ae4753391a9a7336a89fb8 Mon Sep 17 00:00:00 2001
From: Benny Prijono
Date: Tue, 8 Oct 2013 09:08:13 +0000
Subject: Re #1703: fixing general bugs. First installment: correct handling of snprintf return value
git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@4613 74dad513-b988-da41-8d7b-12977e46ad98
---
 pjsip/src/pjsua-lib/pjsua_acc.c | 7 +++++--
 pjsip/src/pjsua-lib/pjsua_aud.c | 6 ++++--
 pjsip/src/pjsua-lib/pjsua_dump.c | 12 ++++++------
 3 files changed, 15 insertions(+), 10 deletions(-)
(limited to 'pjsip/src/pjsua-lib')
diff --git a/pjsip/src/pjsua-lib/pjsua_acc.c b/pjsip/src/pjsua-lib/pjsua_acc.c
index 77d9a12c..8533c793 100644
--- a/pjsip/src/pjsua-lib/pjsua_acc.c
+++ b/pjsip/src/pjsua-lib/pjsua_acc.c
@@ -1749,7 +1749,7 @@ static pj_bool_t acc_check_nat_addr(pjsua_acc *acc,
 (acc->cfg.use_rfc5626? ob: ""), (int)acc->cfg.contact_params.slen, acc->cfg.contact_params.ptr);
- if (len < 1) {
+ if (len < 1 || len >= PJSIP_MAX_URL_SIZE) {
 PJ_LOG(1,(THIS_FILE, "URI too long"));
 pj_pool_release(pool);
 return PJ_FALSE;
@@ -3101,7 +3101,8 @@ PJ_DEF(pj_status_t) pjsua_acc_create_uac_contact( pj_pool_t *pool,
 (acc->cfg.use_rfc5626? ob: ""), (int)acc->cfg.contact_params.slen, acc->cfg.contact_params.ptr);
-
+ if (contact->slen < 1 || contact->slen >= (int)PJSIP_MAX_URL_SIZE)
+ return PJ_ETOOSMALL;
 return PJ_SUCCESS;
 }
@@ -3271,6 +3272,8 @@ PJ_DEF(pj_status_t) pjsua_acc_create_uas_contact( pj_pool_t *pool,
 acc->cfg.contact_uri_params.ptr, (int)acc->cfg.contact_params.slen, acc->cfg.contact_params.ptr);
+ if (contact->slen < 1 || contact->slen >= (int)PJSIP_MAX_URL_SIZE)
+ return PJ_ETOOSMALL;
 return PJ_SUCCESS;
 }
diff --git a/pjsip/src/pjsua-lib/pjsua_aud.c b/pjsip/src/pjsua-lib/pjsua_aud.c
index d81ac9ab..e15c54aa 100644
--- a/pjsip/src/pjsua-lib/pjsua_aud.c
+++ b/pjsip/src/pjsua-lib/pjsua_aud.c
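Review bot: In the pjsua_acc.c hunks at -3101 (pjsua_acc_create_uac_contact) and -3271 (pjsua_acc_create_uas_contact), the new early return leaves `contact->slen` holding the rejected value, which is either below 1 or at least PJSIP_MAX_URL_SIZE. The assignment to `contact->slen` sits above both hunks, so this is inferred from the check itself; if the buffer behind `contact->ptr` is PJSIP_MAX_URL_SIZE bytes, a caller that ignores the status and still uses the string would read outside it. Resetting the length before failing closes that gap: `if (contact->slen < 1 || contact->slen >= (int)PJSIP_MAX_URL_SIZE) { contact->slen = 0; return PJ_ETOOSMALL; }`. The first hunk in this file (acc_check_nat_addr) compares `len` with PJSIP_MAX_URL_SIZE without the `(int)` cast used in these two, and writing all three the same way would keep the comparison signed everywhere.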
@@ -1759,12 +1759,14 @@ static pj_status_t open_snd_dev(pjmedia_snd_port_param *param)
 if (status==PJ_SUCCESS) {
 if (param->base.clock_rate != pjsua_var.media_cfg.clock_rate) {
 char tmp_buf[128];
- int tmp_buf_len = sizeof(tmp_buf);
+ int tmp_buf_len;
- tmp_buf_len = pj_ansi_snprintf(tmp_buf, sizeof(tmp_buf)-1,
+ tmp_buf_len = pj_ansi_snprintf(tmp_buf, sizeof(tmp_buf),
 "%s (%dKHz)", rec_info.name, param->base.clock_rate/1000);
+ if (tmp_buf_len < 1 || tmp_buf_len >= (int)sizeof(tmp_buf))
+ tmp_buf_len = sizeof(tmp_buf) - 1;
 pj_strset(&tmp, tmp_buf, tmp_buf_len);
 pjmedia_conf_set_port0_name(pjsua_var.mconf, &tmp);
 } else {
diff --git a/pjsip/src/pjsua-lib/pjsua_dump.c b/pjsip/src/pjsua-lib/pjsua_dump.c
index 2f8ef73c..8fbe8c49 100644
--- a/pjsip/src/pjsua-lib/pjsua_dump.c
+++ b/pjsip/src/pjsua-lib/pjsua_dump.c
@@ -128,7 +128,7 @@ static unsigned dump_media_stat(const char *indent,
 "" );
- if (len < 1 || len > end-p) {
+ if (len < 1 || len >= end-p) {
 *p = '\0';
 return (unsigned)(p-buf);
 }
@@ -186,7 +186,7 @@ static unsigned dump_media_stat(const char *indent,
 pj_math_stat_get_stddev(&stat->tx.jitter) / 1000.0 );
- if (len < 1 || len > end-p) {
+ if (len < 1 || len >= end-p) {
 *p = '\0';
 return (unsigned)(p-buf);
 }
@@ -201,7 +201,7 @@ static unsigned dump_media_stat(const char *indent,
 stat->rtt.last / 1000.0, pj_math_stat_get_stddev(&stat->rtt) / 1000.0 );
- if (len < 1 || len > end-p) {
+ if (len < 1 || len >= end-p) {
 *p = '\0';
 return (unsigned)(p-buf);
 }
@@ -259,7 +259,7 @@ static void dump_media_session(const char *indent,
 len = pj_ansi_snprintf(p, end-p, "%s #%d %s deactivated\n", indent, i, media_type_str);
- if (len < 1 || len > end-p) {
+ if (len < 1 || len >= end-p) {
 *p = '\0';
 return;
 }
@@ -363,7 +363,7 @@ static void dump_media_session(const char *indent,
 codec_info, dir_str, rem_addr);
- if (len < 1 || len > end-p) {
+ if (len < 1 || len >= end-p) {
 *p = '\0';
 return;
 }
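Review bot: In open_snd_dev the fallback `tmp_buf_len = sizeof(tmp_buf) - 1;` is also taken when pj_ansi_snprintf returns less than 1, and on that path nothing guarantees `tmp_buf` was filled, so `pj_strset` would describe 127 bytes of a possibly uninitialised stack array as the port name. Clamping is only right for the truncation case, where the buffer holds 127 characters plus the terminator. I would separate the two: `if (tmp_buf_len < 0) tmp_buf_len = 0;` followed by `else if (tmp_buf_len >= (int)sizeof(tmp_buf)) tmp_buf_len = (int)sizeof(tmp_buf) - 1;`. The function continues outside the hunk, so whether `pjmedia_conf_set_port0_name` copies the name or keeps the pointer is not visible here.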
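Review bot: The five rewritten checks in pjsua_dump.c (dump_media_stat at -128, -186 and -201, dump_media_session at -259 and -363) have no comment saying why the bound is `>=`, and an unexplained boundary like this is easy to "simplify" back to `>` later. One line above the first check would be enough, for example `/* snprintf returns the untruncated length, so len == end-p already means the output was cut */`. The same condition is repeated again in the VALIDATE_PRINT_BUF macro further down the file, so a single shared helper or macro for the test would keep the copies from drifting apart. The statements that advance `p` after each check lie outside these hunks.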
@@ -470,7 +470,7 @@ static void dump_media_session(const char *indent,
 sprintf(s, "%d", v)
 # define VALIDATE_PRINT_BUF() \
- if (len < 1 || len > end-p) { *p = '\0'; return; } \
+ if (len < 1 || len >= end-p) { *p = '\0'; return; } \
 p += len; *p++ = '\n'; *p = '\0'
-- cgit v1.2.3
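Review bot: VALIDATE_PRINT_BUF still needs one more byte than the new check reserves: after `p += len` it stores `'\n'` and then `'\0'`, so when `len == end-p-1` the terminator is written at `end` itself. If `end` points one past the last byte of the buffer, as the `pj_ansi_snprintf(p, end-p, ...)` call in the -259 hunk suggests, that is a one-byte write past the buffer. The check should leave room for the newline: `if (len < 1 || len + 1 >= end-p) { *p = '\0'; return; } \`. The macro's call sites are outside this hunk, so it should be confirmed that they also pass `end-p` as the snprintf size.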