diff options
| author | Pau Espin Pedrol <pespin@sysmocom.de> | 2019-07-23 16:19:41 +0200 |
|---|---|---|
| committer | pespin <pespin@sysmocom.de> | 2019-07-25 12:14:48 +0000 |
| commit | c5c1430a1c00ad86855ffff3df3f106bb2bce1d5 (patch) | |
| tree | a2980928f34cfa16affe670e91b103f33dd6297b | |
| parent | f7de9aea7b8ed206bef629a0c32d0909384bd42b (diff) | |
Catch unsigned integer MGCP parsing errors with strtoul
Checks to find if strotul failed are taken both from:
man strtoul
man strtol
Change-Id: Ifba1c1e3151d6f92f9da3d4ca2569a5908455ca8
| -rw-r--r-- | src/libosmo-mgcp-client/mgcp_client.c | 9 | ||||
| -rw-r--r-- | src/libosmo-mgcp/mgcp_sdp.c | 9 |
2 files changed, 16 insertions, 2 deletions
diff --git a/src/libosmo-mgcp-client/mgcp_client.c b/src/libosmo-mgcp-client/mgcp_client.c index fd188c3a3..910289ed2 100644 --- a/src/libosmo-mgcp-client/mgcp_client.c +++ b/src/libosmo-mgcp-client/mgcp_client.c @@ -36,6 +36,8 @@ #include <unistd.h> #include <string.h> #include <ctype.h> +#include <stdlib.h> +#include <limits.h> #ifndef OSMUX_CID_MAX #define OSMUX_CID_MAX 255 /* FIXME: use OSMUX_CID_MAX from libosmo-netif? */ @@ -265,6 +267,7 @@ static bool mgcp_line_is_valid(const char *line) static int mgcp_parse_audio_port_pt(struct mgcp_response *r, char *line) { char *pt_str; + char *pt_end; unsigned int pt; unsigned int count = 0; unsigned int i; @@ -289,7 +292,11 @@ static int mgcp_parse_audio_port_pt(struct mgcp_response *r, char *line) pt_str = strtok(NULL, " "); if (!pt_str) break; - pt = atoi(pt_str); + errno = 0; + pt = strtoul(pt_str, &pt_end, 0); + if ((errno == ERANGE && pt == ULONG_MAX) || (errno && !pt) || + pt_str == pt_end) + goto response_parse_failure_pt; /* Do not allow duplicate payload types */ for (i = 0; i < count; i++) diff --git a/src/libosmo-mgcp/mgcp_sdp.c b/src/libosmo-mgcp/mgcp_sdp.c index ddd4657a6..56fc611f5 100644 --- a/src/libosmo-mgcp/mgcp_sdp.c +++ b/src/libosmo-mgcp/mgcp_sdp.c @@ -29,6 +29,8 @@ #include <osmocom/mgcp/mgcp_sdp.h> #include <errno.h> +#include <stdlib.h> +#include <limits.h> /* Two structs to store intermediate parsing results. The function * mgcp_parse_sdp_data() is using the following two structs as temporary @@ -129,6 +131,7 @@ static int pt_from_sdp(void *ctx, struct sdp_rtp_map *codecs, char *str; char *str_ptr; char *pt_str; + char *pt_end; unsigned int pt; unsigned int count = 0; unsigned int i; @@ -154,7 +157,11 @@ static int pt_from_sdp(void *ctx, struct sdp_rtp_map *codecs, if (!pt_str) break; - pt = atoi(pt_str); + errno = 0; + pt = strtoul(pt_str, &pt_end, 0); + if ((errno == ERANGE && pt == ULONG_MAX) || (errno && !pt) || + pt_str == pt_end) + goto error; /* Do not allow duplicate payload types */ for (i = 0; i < count; i++) |