diff options
author | file <file@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-03-18 14:58:39 +0000 |
---|---|---|
committer | file <file@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-03-18 14:58:39 +0000 |
commit | 2fbae294015891121b3fef02e73f8356f8629347 (patch) | |
tree | 64ed08f86dbc0127be2f3f03354257387b3512ad | |
parent | 57afe0f38f939eb78f0a7919fc1b810a1051a9c7 (diff) |
Put a maximum limit on the number of payloads accepted, and also make sure a given payload does not exceed our maximum value.
(AST-2008-002)
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.4@109386 f38db490-d61c-443f-a65b-d21fe96a405b
-rw-r--r-- | channels/chan_sip.c | 34 | ||||
-rw-r--r-- | main/rtp.c | 3 |
2 files changed, 24 insertions, 13 deletions
diff --git a/channels/chan_sip.c b/channels/chan_sip.c index 406acc17a..a9f29721e 100644 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -216,6 +216,8 @@ static int expiry = DEFAULT_EXPIRY; #define SIP_MAX_LINES 64 /*!< Max amount of lines in SIP attachment (like SDP) */ #define SIP_MAX_PACKET 4096 /*!< Also from RFC 3261 (2543), should sub headers tho */ +#define SDP_MAX_RTPMAP_CODECS 32 /*!< Maximum number of codecs allowed in received SDP */ + #define INITIAL_CSEQ 101 /*!< our initial sip sequence number */ /*! \brief Global jitterbuffer configuration - by default, jb is disabled */ @@ -5032,7 +5034,7 @@ static int process_sdp(struct sip_pvt *p, struct sip_request *req) int numberofmediastreams = 0; int debug = sip_debug_test_pvt(p); - int found_rtpmap_codecs[32]; + int found_rtpmap_codecs[SDP_MAX_RTPMAP_CODECS]; int last_rtpmap_codec=0; if (!p->rtp) { @@ -5305,24 +5307,30 @@ static int process_sdp(struct sip_pvt *p, struct sip_request *req) /* We should propably check if this is an audio or video codec so we know where to look */ - /* Note: should really look at the 'freq' and '#chans' params too */ - if(ast_rtp_set_rtpmap_type(newaudiortp, codec, "audio", mimeSubtype, - ast_test_flag(&p->flags[0], SIP_G726_NONSTANDARD) ? AST_RTP_OPT_G726_NONSTANDARD : 0) != -1) { - if (debug) - ast_verbose("Found audio description format %s for ID %d\n", mimeSubtype, codec); - found_rtpmap_codecs[last_rtpmap_codec] = codec; - last_rtpmap_codec++; - found = TRUE; - - } else if (p->vrtp) { - if(ast_rtp_set_rtpmap_type(newvideortp, codec, "video", mimeSubtype, 0) != -1) { + if (last_rtpmap_codec < SDP_MAX_RTPMAP_CODECS) { + /* Note: should really look at the 'freq' and '#chans' params too */ + if(ast_rtp_set_rtpmap_type(newaudiortp, codec, "audio", mimeSubtype, + ast_test_flag(&p->flags[0], SIP_G726_NONSTANDARD) ? AST_RTP_OPT_G726_NONSTANDARD : 0) != -1) { if (debug) - ast_verbose("Found video description format %s for ID %d\n", mimeSubtype, codec); + ast_verbose("Found audio description format %s for ID %d\n", mimeSubtype, codec); found_rtpmap_codecs[last_rtpmap_codec] = codec; last_rtpmap_codec++; found = TRUE; + + } else if (p->vrtp) { + if(ast_rtp_set_rtpmap_type(newvideortp, codec, "video", mimeSubtype, 0) != -1) { + if (debug) + ast_verbose("Found video description format %s for ID %d\n", mimeSubtype, codec); + found_rtpmap_codecs[last_rtpmap_codec] = codec; + last_rtpmap_codec++; + found = TRUE; + } } + } else { + if (debug) + ast_verbose("Discarded description format %s for ID %d\n", mimeSubtype, codec); } + if (!found) { /* Remove this codec since it's an unknown media type for us */ /* XXX This is buggy since the media line for audio and video can have the diff --git a/main/rtp.c b/main/rtp.c index 3d3766e9c..fc6f9a467 100644 --- a/main/rtp.c +++ b/main/rtp.c @@ -1652,6 +1652,9 @@ void ast_rtp_set_m_type(struct ast_rtp* rtp, int pt) an unknown media type */ void ast_rtp_unset_m_type(struct ast_rtp* rtp, int pt) { + if (pt < 0 || pt > MAX_RTP_PT) + return; /* bogus payload type */ + ast_mutex_lock(&rtp->bridge_lock); rtp->current_RTP_PT[pt].isAstFormat = 0; rtp->current_RTP_PT[pt].code = 0; |