diff options
author | Benny Prijono <bennylp@teluu.com> | 2009-10-01 12:07:04 +0000 |
---|---|---|
committer | Benny Prijono <bennylp@teluu.com> | 2009-10-01 12:07:04 +0000 |
commit | 7e439d29f58acfe82c326f1d9bade56b27fb2391 (patch) | |
tree | 96b804dd800be4e0372153a5a70d33380a04616a | |
parent | 5bde52b2f543523aa17ee2dc102d09134cf846cb (diff) |
Ticket #961 (1.4.5 branch): Assertion upon receiving malformed SIP messages (thanks Andrey Kovalenko for the report)
- backported r2915
git-svn-id: http://svn.pjsip.org/repos/pjproject/branches/adhocs/1.4.5@2921 74dad513-b988-da41-8d7b-12977e46ad98
-rw-r--r-- | pjsip/src/pjsip/sip_transaction.c | 9 | ||||
-rw-r--r-- | pjsip/src/pjsip/sip_transport.c | 8 | ||||
-rw-r--r-- | tests/pjsua/scripts-sipp/uac-bad-ack.xml | 132 |
3 files changed, 149 insertions, 0 deletions
diff --git a/pjsip/src/pjsip/sip_transaction.c b/pjsip/src/pjsip/sip_transaction.c index 7008670a..e7e2347b 100644 --- a/pjsip/src/pjsip/sip_transaction.c +++ b/pjsip/src/pjsip/sip_transaction.c @@ -2840,6 +2840,15 @@ static pj_status_t tsx_on_state_completed_uas( pjsip_transaction *tsx, /* Process incoming ACK request. */ + /* Verify that this is an INVITE transaction */ + if (tsx->method.id != PJSIP_INVITE_METHOD) { + PJ_LOG(2, (tsx->obj_name, + "Received illegal ACK for %.*s transaction", + (int)tsx->method.name.slen, + tsx->method.name.ptr)); + return PJSIP_EINVALIDMETHOD; + } + /* Cease retransmission. */ if (tsx->retransmit_timer.id != 0) { pjsip_endpt_cancel_timer(tsx->endpt, &tsx->retransmit_timer); diff --git a/pjsip/src/pjsip/sip_transport.c b/pjsip/src/pjsip/sip_transport.c index f34699be..b6e79183 100644 --- a/pjsip/src/pjsip/sip_transport.c +++ b/pjsip/src/pjsip/sip_transport.c @@ -1439,6 +1439,14 @@ PJ_DEF(pj_ssize_t) pjsip_tpmgr_receive_packet( pjsip_tpmgr *mgr, if (rdata->msg_info.via->rport_param == 0) { rdata->msg_info.via->rport_param = rdata->pkt_info.src_port; } + } else { + /* Drop malformed responses */ + if (rdata->msg_info.msg->line.status.code < 100 || + rdata->msg_info.msg->line.status.code >= 700) + { + mgr->on_rx_msg(mgr->endpt, PJSIP_EINVALIDSTATUS, rdata); + goto finish_process_fragment; + } } /* Drop response message if it has more than one Via. diff --git a/tests/pjsua/scripts-sipp/uac-bad-ack.xml b/tests/pjsua/scripts-sipp/uac-bad-ack.xml new file mode 100644 index 00000000..d93e30c5 --- /dev/null +++ b/tests/pjsua/scripts-sipp/uac-bad-ack.xml @@ -0,0 +1,132 @@ +<?xml version="1.0" encoding="ISO-8859-1" ?> +<!DOCTYPE scenario SYSTEM "sipp.dtd"> + +<!-- This program is free software; you can redistribute it and/or --> +<!-- modify it under the terms of the GNU General Public License as --> +<!-- published by the Free Software Foundation; either version 2 of the --> +<!-- License, or (at your option) any later version. --> +<!-- --> +<!-- This program is distributed in the hope that it will be useful, --> +<!-- but WITHOUT ANY WARRANTY; without even the implied warranty of --> +<!-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --> +<!-- GNU General Public License for more details. --> +<!-- --> +<!-- You should have received a copy of the GNU General Public License --> +<!-- along with this program; if not, write to the --> +<!-- Free Software Foundation, Inc., --> +<!-- 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA --> +<!-- --> +<!-- --> + +<scenario name="UAC with bad ACK"> + <!-- UAC with bad ACK causes assertion with pjsip 1.4 --> + <send retrans="500"> + <![CDATA[ + + INVITE sip:[service]@[remote_ip]:[remote_port] SIP/2.0 + Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch] + From: sipp <sip:sipp@[local_ip]:[local_port]>;tag=[call_number] + To: sut <sip:[service]@[remote_ip]:[remote_port]> + Call-ID: [call_id] + CSeq: 1 INVITE + Contact: sip:sipp@[local_ip]:[local_port] + Max-Forwards: 70 + Subject: Performance Test + Content-Type: application/sdp + Content-Length: [len] + + v=0 + o=user1 53655765 2353687637 IN IP[local_ip_type] [local_ip] + s=- + c=IN IP[media_ip_type] [media_ip] + t=0 0 + m=audio [media_port] RTP/AVP 0 + a=rtpmap:0 PCMU/8000 + + ]]> + </send> + + <recv response="100" + optional="true"> + </recv> + + <recv response="180" optional="true"> + </recv> + + <!-- By adding rrs="true" (Record Route Sets), the route sets --> + <!-- are saved and used for following messages sent. Useful to test --> + <!-- against stateful SIP proxies/B2BUAs. --> + <recv response="200" rtd="true"> + </recv> + + <!-- Packet lost can be simulated in any send/recv message by --> + <!-- by adding the 'lost = "10"'. Value can be [1-100] percent. --> + <send> + <![CDATA[ + + ACK sip:[service]@[remote_ip]:[remote_port] SIP/2.0 + Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch] + From: sipp <sip:sipp@[local_ip]:[local_port]>;tag=[call_number] + To: sut <sip:[service]@[remote_ip]:[remote_port]>[peer_tag_param] + Call-ID: [call_id] + CSeq: 1 ACK + Contact: sip:sipp@[local_ip]:[local_port] + Max-Forwards: 70 + Subject: Performance Test + Content-Length: 0 + + ]]> + </send> + + <!-- This delay can be customized by the -d command-line option --> + <!-- or by adding a 'milliseconds = "value"' option here. --> + <pause/> + + <!-- The 'crlf' option inserts a blank line in the statistics report. --> + <send retrans="500"> + <![CDATA[ + + BYE sip:[service]@[remote_ip]:[remote_port] SIP/2.0 + Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=z9hG4bK-1 + From: sipp <sip:sipp@[local_ip]:[local_port]>;tag=[call_number] + To: sut <sip:[service]@[remote_ip]:[remote_port]>[peer_tag_param] + Call-ID: [call_id] + CSeq: 2 BYE + Contact: sip:sipp@[local_ip]:[local_port] + Max-Forwards: 70 + Subject: Performance Test + Content-Length: 0 + + ]]> + </send> + + <recv response="200" crlf="true"> + </recv> + + <pause milliseconds="2000"/> + + <send> + <![CDATA[ + + ACK sip:[service]@[remote_ip]:[remote_port] SIP/2.0 + Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=z9hG4bK-1 + From: sipp <sip:sipp@[local_ip]:[local_port]>;tag=[call_number] + To: sut <sip:[service]@[remote_ip]:[remote_port]>[peer_tag_param] + Call-ID: [call_id] + CSeq: 2 BYE + Contact: sip:sipp@[local_ip]:[local_port] + Max-Forwards: 70 + Subject: Performance Test + Content-Length: 0 + + ]]> + </send> + + <!-- definition of the response time repartition table (unit is ms) --> + <ResponseTimeRepartition value="10, 20, 30, 40, 50, 100, 150, 200"/> + + <!-- definition of the call length repartition table (unit is ms) --> + <CallLengthRepartition value="10, 50, 100, 500, 1000, 5000, 10000"/> + +</scenario> + |