From 7369d96f8361c523a7ae4753391a9a7336a89fb8 Mon Sep 17 00:00:00 2001 From: Benny Prijono Date: Tue, 8 Oct 2013 09:08:13 +0000 Subject: Re #1703: fixing general bugs. First installment: correct handling of snprintf return value git-svn-id: http://svn.pjsip.org/repos/pjproject/trunk@4613 74dad513-b988-da41-8d7b-12977e46ad98 --- pjsip/src/pjsip-simple/errno.c | 3 ++- pjsip/src/pjsip-ua/sip_100rel.c | 3 +++ pjsip/src/pjsip/sip_errno.c | 3 ++- pjsip/src/pjsua-lib/pjsua_acc.c | 7 +++++-- pjsip/src/pjsua-lib/pjsua_aud.c | 6 ++++-- pjsip/src/pjsua-lib/pjsua_dump.c | 12 ++++++------ 6 files changed, 22 insertions(+), 12 deletions(-) (limited to 'pjsip') diff --git a/pjsip/src/pjsip-simple/errno.c b/pjsip/src/pjsip-simple/errno.c index 91a066d3..3c8c7f8b 100644 --- a/pjsip/src/pjsip-simple/errno.c +++ b/pjsip/src/pjsip-simple/errno.c @@ -110,7 +110,8 @@ PJ_DEF(pj_str_t) pjsipsimple_strerror( pj_status_t statcode, errstr.slen = pj_ansi_snprintf(buf, bufsize, "Unknown pjsip-simple error %d", statcode); - + if (errstr.slen < 1 || errstr.slen >= (pj_ssize_t)bufsize) + errstr.slen = bufsize - 1; return errstr; } diff --git a/pjsip/src/pjsip-ua/sip_100rel.c b/pjsip/src/pjsip-ua/sip_100rel.c index 60b989b2..0fb07e79 100644 --- a/pjsip/src/pjsip-ua/sip_100rel.c +++ b/pjsip/src/pjsip-ua/sip_100rel.c @@ -344,6 +344,9 @@ PJ_DEF(pj_status_t) pjsip_100rel_create_prack( pjsip_inv_session *inv, rseq, rdata->msg_info.cseq->cseq, (int)tsx->method.name.slen, tsx->method.name.ptr); + if (rack.slen < 1 || rack.slen >= (int)sizeof(rack_buf)) { + return PJ_ETOOSMALL; + } rack_hdr = pjsip_generic_string_hdr_create(tdata->pool, &RACK, &rack); pjsip_msg_add_hdr(tdata->msg, (pjsip_hdr*) rack_hdr); diff --git a/pjsip/src/pjsip/sip_errno.c b/pjsip/src/pjsip/sip_errno.c index 806733f1..449f65c3 100644 --- a/pjsip/src/pjsip/sip_errno.c +++ b/pjsip/src/pjsip/sip_errno.c 
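Review bot: The new guard folds the snprintf error case into the truncation case: when `pj_ansi_snprintf` returns a negative value the contents of `buf` are not a valid string under the snprintf contract, yet `errstr.slen` is set to `bufsize - 1`, so the caller receives up to `bufsize - 1` bytes of whatever `buf` happened to contain. Truncation (`slen >= bufsize`) is clamped correctly because the buffer is then NUL-terminated at `bufsize - 1`, but the error branch should yield an empty string instead: `if (errstr.slen < 1) errstr.slen = 0; else if (errstr.slen >= (pj_ssize_t)bufsize) errstr.slen = bufsize - 1;`. The same clamp appears in the `pjsip_strerror` hunk of sip_errno.c and, for `tmp_buf_len`, in the `open_snd_dev` hunk of pjsua_aud.c, where `tmp_buf` is an uninitialized stack array. pjsipsimple_strerror begins outside the hunk.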
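Review bot: The early `return PJ_ETOOSMALL` sits just before `tdata->pool` is used, so `tdata` is already valid at this point; if the transmit data is created earlier in this function rather than passed in (its start is outside the hunk, so this needs confirming), returning here without `pjsip_tx_data_dec_ref(tdata)` leaks it on the new error path. A negative return from `pj_ansi_snprintf` is reported as PJ_ETOOSMALL as well; that is acceptable since no RAck header can be built either way, but a short comment such as `/* RAck did not fit in rack_buf, or formatting failed */` above the check would make the intent clear.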
@@ -204,7 +204,8 @@ PJ_DEF(pj_str_t) pjsip_strerror( pj_status_t statcode, errstr.slen = pj_ansi_snprintf(buf, bufsize, "Unknown pjsip error %d", statcode); - + if (errstr.slen < 1 || errstr.slen >= (pj_ssize_t)bufsize) + errstr.slen = bufsize - 1; return errstr; } diff --git a/pjsip/src/pjsua-lib/pjsua_acc.c b/pjsip/src/pjsua-lib/pjsua_acc.c index 77d9a12c..8533c793 100644 --- a/pjsip/src/pjsua-lib/pjsua_acc.c +++ b/pjsip/src/pjsua-lib/pjsua_acc.c @@ -1749,7 +1749,7 @@ static pj_bool_t acc_check_nat_addr(pjsua_acc *acc, (acc->cfg.use_rfc5626? ob: ""), (int)acc->cfg.contact_params.slen, acc->cfg.contact_params.ptr); - if (len < 1) { + if (len < 1 || len >= PJSIP_MAX_URL_SIZE) { PJ_LOG(1,(THIS_FILE, "URI too long")); pj_pool_release(pool); return PJ_FALSE; @@ -3101,7 +3101,8 @@ PJ_DEF(pj_status_t) pjsua_acc_create_uac_contact( pj_pool_t *pool, (acc->cfg.use_rfc5626? ob: ""), (int)acc->cfg.contact_params.slen, acc->cfg.contact_params.ptr); - + if (contact->slen < 1 || contact->slen >= (int)PJSIP_MAX_URL_SIZE) + return PJ_ETOOSMALL; return PJ_SUCCESS; } @@ -3271,6 +3272,8 @@ PJ_DEF(pj_status_t) pjsua_acc_create_uas_contact( pj_pool_t *pool, acc->cfg.contact_uri_params.ptr, (int)acc->cfg.contact_params.slen, acc->cfg.contact_params.ptr); + if (contact->slen < 1 || contact->slen >= (int)PJSIP_MAX_URL_SIZE) + return PJ_ETOOSMALL; return PJ_SUCCESS; } diff --git a/pjsip/src/pjsua-lib/pjsua_aud.c b/pjsip/src/pjsua-lib/pjsua_aud.c index d81ac9ab..e15c54aa 100644 --- a/pjsip/src/pjsua-lib/pjsua_aud.c +++ b/pjsip/src/pjsua-lib/pjsua_aud.c 
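Review bot: The new bound `len >= PJSIP_MAX_URL_SIZE` in acc_check_nat_addr is written without the `(int)` cast that the two later hunks in this file (`pjsua_acc_create_uac_contact`, `pjsua_acc_create_uas_contact`) use for the same comparison; the runtime result is unaffected because `len < 1` is tested first, but if `PJSIP_MAX_URL_SIZE` expands to an unsigned expression this line draws a signed/unsigned warning under -Wsign-compare while the others do not. Use `if (len < 1 || len >= (int)PJSIP_MAX_URL_SIZE) {` for consistency. The bound also restates the size passed to `pj_ansi_snprintf` above the hunk; if that size is not literally PJSIP_MAX_URL_SIZE the two can drift, so comparing against the same expression would be safer. acc_check_nat_addr begins outside the hunk.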
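Review bot: On the new failure path in pjsua_acc_create_uac_contact, `contact->slen` still holds the out-of-range snprintf result (negative on error, or the untruncated length on truncation) when PJ_ETOOSMALL is returned; a caller that ignores the status, or logs the contact for diagnostics, would then read past the buffer. Reset the length before returning: `if (contact->slen < 1 || contact->slen >= (int)PJSIP_MAX_URL_SIZE) { contact->slen = 0; return PJ_ETOOSMALL; }`. The identical check added in `pjsua_acc_create_uas_contact` below needs the same reset. Both functions begin outside their hunks.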
@@ -1759,12 +1759,14 @@ static pj_status_t open_snd_dev(pjmedia_snd_port_param *param) if (status==PJ_SUCCESS) { if (param->base.clock_rate != pjsua_var.media_cfg.clock_rate) { char tmp_buf[128]; - int tmp_buf_len = sizeof(tmp_buf); + int tmp_buf_len; - tmp_buf_len = pj_ansi_snprintf(tmp_buf, sizeof(tmp_buf)-1, + tmp_buf_len = pj_ansi_snprintf(tmp_buf, sizeof(tmp_buf), "%s (%dKHz)", rec_info.name, param->base.clock_rate/1000); + if (tmp_buf_len < 1 || tmp_buf_len >= (int)sizeof(tmp_buf)) + tmp_buf_len = sizeof(tmp_buf) - 1; pj_strset(&tmp, tmp_buf, tmp_buf_len); pjmedia_conf_set_port0_name(pjsua_var.mconf, &tmp); } else { diff --git a/pjsip/src/pjsua-lib/pjsua_dump.c b/pjsip/src/pjsua-lib/pjsua_dump.c index 2f8ef73c..8fbe8c49 100644 --- a/pjsip/src/pjsua-lib/pjsua_dump.c +++ b/pjsip/src/pjsua-lib/pjsua_dump.c @@ -128,7 +128,7 @@ static unsigned dump_media_stat(const char *indent, "" ); - if (len < 1 || len > end-p) { + if (len < 1 || len >= end-p) { *p = '\0'; return (unsigned)(p-buf); } @@ -186,7 +186,7 @@ static unsigned dump_media_stat(const char *indent, pj_math_stat_get_stddev(&stat->tx.jitter) / 1000.0 ); - if (len < 1 || len > end-p) { + if (len < 1 || len >= end-p) { *p = '\0'; return (unsigned)(p-buf); } @@ -201,7 +201,7 @@ static unsigned dump_media_stat(const char *indent, stat->rtt.last / 1000.0, pj_math_stat_get_stddev(&stat->rtt) / 1000.0 ); - if (len < 1 || len > end-p) { + if (len < 1 || len >= end-p) { *p = '\0'; return (unsigned)(p-buf); } @@ -259,7 +259,7 @@ static void dump_media_session(const char *indent, len = pj_ansi_snprintf(p, end-p, "%s #%d %s deactivated\n", indent, i, media_type_str); - if (len < 1 || len > end-p) { + if (len < 1 || len >= end-p) { *p = '\0'; return; } @@ -363,7 +363,7 @@ static void dump_media_session(const char *indent, codec_info, dir_str, rem_addr); - if (len < 1 || len > end-p) { + if (len < 1 || len >= end-p) { *p = '\0'; return; } 
@@ -470,7 +470,7 @@ static void dump_media_session(const char *indent, sprintf(s, "%d", v) # define VALIDATE_PRINT_BUF() \ - if (len < 1 || len > end-p) { *p = '\0'; return; } \ + if (len < 1 || len >= end-p) { *p = '\0'; return; } \ p += len; *p++ = '\n'; *p = '\0' -- cgit v1.2.3
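Review bot: With the bound tightened to `len >= end-p`, the macro's continuation `p += len; *p++ = '\n'; *p = '\0'` can still write at `end`: `len` may equal `end-p-1`, so after `p += len` the newline lands at `end-1` and the terminator at `end`, which is one byte past the buffer if `end` is `buf + size` (how `end` is computed is outside the hunk, so this needs confirming). Because the macro appends a character after the formatted text, it needs one more byte of headroom than a plain snprintf check: `if (len < 1 || len >= end-p-1) { *p = '\0'; return; } \`. The earlier hunks in this file (`dump_media_stat` and `dump_media_session`) apply the same `>=` bound; whether they append a newline after the check is not visible here, so they may need the same adjustment. dump_media_session begins outside the hunk.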