diff options
author | russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-03-18 16:44:12 +0000 |
---|---|---|
committer | russell <russell@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-03-18 16:44:12 +0000 |
commit | 878c47128d752f15ba1900f679a3405603de27a2 (patch) | |
tree | cf24ed8422c64adb511fb274c26079cee3b83795 | |
parent | 5c60726100738ed97164f2bfbd9538e8f81ccf6c (diff) |
Put a maximum limit on the number of payloads accepted, and also make sure a given payload does not exceed our maximum value.
(AST-2008-002)
git-svn-id: http://svn.digium.com/svn/asterisk/tags/1.4.18.1@109541 f38db490-d61c-443f-a65b-d21fe96a405b
-rw-r--r-- | channels/chan_sip.c | 34 | ||||
-rw-r--r-- | main/rtp.c | 3 |
2 files changed, 24 insertions, 13 deletions
diff --git a/channels/chan_sip.c b/channels/chan_sip.c index 71bfabb86..0be15e84a 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -216,6 +216,8 @@ static int expiry = DEFAULT_EXPIRY; #define SIP_MAX_LINES 64 /*!< Max amount of lines in SIP attachment (like SDP) */ #define SIP_MAX_PACKET 4096 /*!< Also from RFC 3261 (2543), should sub headers tho */ +#define SDP_MAX_RTPMAP_CODECS 32 /*!< Maximum number of codecs allowed in received SDP */ + #define INITIAL_CSEQ 101 /*!< our initial sip sequence number */ /*! \brief Global jitterbuffer configuration - by default, jb is disabled */ @@ -4977,7 +4979,7 @@ static int process_sdp(struct sip_pvt *p, struct sip_request *req) int numberofmediastreams = 0; int debug = sip_debug_test_pvt(p); - int found_rtpmap_codecs[32]; + int found_rtpmap_codecs[SDP_MAX_RTPMAP_CODECS]; int last_rtpmap_codec=0; if (!p->rtp) { @@ -5250,24 +5252,30 @@ static int process_sdp(struct sip_pvt *p, struct sip_request *req) /* We should propably check if this is an audio or video codec so we know where to look */ - /* Note: should really look at the 'freq' and '#chans' params too */ - if(ast_rtp_set_rtpmap_type(newaudiortp, codec, "audio", mimeSubtype, - ast_test_flag(&p->flags[0], SIP_G726_NONSTANDARD) ? AST_RTP_OPT_G726_NONSTANDARD : 0) != -1) { - if (debug) - ast_verbose("Found audio description format %s for ID %d\n", mimeSubtype, codec); - found_rtpmap_codecs[last_rtpmap_codec] = codec; - last_rtpmap_codec++; - found = TRUE; - - } else if (p->vrtp) { - if(ast_rtp_set_rtpmap_type(newvideortp, codec, "video", mimeSubtype, 0) != -1) { + if (last_rtpmap_codec < SDP_MAX_RTPMAP_CODECS) { + /* Note: should really look at the 'freq' and '#chans' params too */ + if(ast_rtp_set_rtpmap_type(newaudiortp, codec, "audio", mimeSubtype, + ast_test_flag(&p->flags[0], SIP_G726_NONSTANDARD) ? AST_RTP_OPT_G726_NONSTANDARD : 0) != -1) { if (debug) - ast_verbose("Found video description format %s for ID %d\n", mimeSubtype, codec); + ast_verbose("Found audio description format %s for ID %d\n", mimeSubtype, codec); found_rtpmap_codecs[last_rtpmap_codec] = codec; last_rtpmap_codec++; found = TRUE; + + } else if (p->vrtp) { + if(ast_rtp_set_rtpmap_type(newvideortp, codec, "video", mimeSubtype, 0) != -1) { + if (debug) + ast_verbose("Found video description format %s for ID %d\n", mimeSubtype, codec); + found_rtpmap_codecs[last_rtpmap_codec] = codec; + last_rtpmap_codec++; + found = TRUE; + } } + } else { + if (debug) + ast_verbose("Discarded description format %s for ID %d\n", mimeSubtype, codec); } + if (!found) { /* Remove this codec since it's an unknown media type for us */ /* XXX This is buggy since the media line for audio and video can have the diff --git a/main/rtp.c b/main/rtp.c index 949dd1cc8..a624c28ea 100644 --- a/main/rtp.c +++ b/main/rtp.c @@ -1651,6 +1651,9 @@ void ast_rtp_set_m_type(struct ast_rtp* rtp, int pt) an unknown media type */ void ast_rtp_unset_m_type(struct ast_rtp* rtp, int pt) { + if (pt < 0 || pt > MAX_RTP_PT) + return; /* bogus payload type */ + ast_mutex_lock(&rtp->bridge_lock); rtp->current_RTP_PT[pt].isAstFormat = 0; rtp->current_RTP_PT[pt].code = 0; |