Patch for crash in pjsua2 pj2Str()

When passed a pj_str_t with a negative slen, pj2Str() results in an
(uncaught) exception being thrown by the std::string constructor.

The fix is very simple - check that the slen is valid.

diff --git a/pjsip/src/pjsua2/util.hpp b/pjsip/src/pjsua2/util.hpp
index ae72af63..1563fc0f 100644
--- a/pjsip/src/pjsua2/util.hpp
+++ b/pjsip/src/pjsua2/util.hpp
@@ -36,7 +36,7 @@ inline pj_str_t str2Pj(const string &input_str)
 
 inline string pj2Str(const pj_str_t &input_str)
 {
-    if (input_str.ptr)
+    if (input_str.ptr && 0 < input_str.slen)
 	return string(input_str.ptr, input_str.slen);
     return string();
 }
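
Review bot: on the `if (input_str.ptr && 0 < input_str.slen)` line, a negative slen is now silently converted to an empty string, so a caller can no longer tell an invalid pj_str_t from a genuinely empty one. Add a comment above the check stating that negative lengths are treated as empty, and consider also fixing the producer of the bad length so it never reaches this function. As a style point, `input_str.slen > 0` reads more naturally than `0 < input_str.slen`.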



For us this crash was occurring when calling pj::Call::getInfo() upon
receiving a call, and more specifically it was pj::CallInfo::fromPj()
that was calling pj2Str() with a bad string.

Further investigation revealed that it was the local_contact string
that was the problem.

We encountered this issue when adding support for Flexisip's push
notification functionality, which requires the device token or
registration id to be sent as part of the contact header [1].

This causes a problem for PJSIP because pjsua_call_info uses a small
fixed-size buffer (128 bytes) to store local_contact, and is not
large enough to store the contact headers required by Flexisip's push
notification mechanism.

I also noticed that pjsua_call_get_info() checks for negative slen 
when processing remote_contact but does not do so for local_contact. 
It may be worth revising this, or increasing the buffer size, but 
since the patch to pj2Str() has resolved our issues I have not taken 
this further.

Also, it is not obvious that pjsip_uri_print() can return a negative
value; its documentation simply states "Returns: Length printed", so
this could be considered a bug in pjsip_uri_print().


[1] - https://wiki.linphone.org/xwiki/wiki/public/view/Flexisip/Configuration/#HConfiguringLinphoneiOS
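
The failure chain described in this message, reproduced as an added example that is not part of the original post or of PJSIP: a printer reports "buffer too small" with a negative return, the value is stored as slen, and the unchecked conversion throws. `demo_str`, `demo_print`, `store_contact` and the contact string are hypothetical stand-ins constructed for the illustration.

```cpp
#include <cstdio>
#include <cstring>
#include <exception>
#include <string>

// Stand-in for pj_str_t: a pointer plus a signed length (assumed shape).
struct demo_str { char *ptr; long slen; };

// Hypothetical printer: returns the length printed, or -1 if buf is too small.
long demo_print(const std::string &uri, char *buf, size_t size)
{
    if (uri.size() >= size) return -1;
    std::memcpy(buf, uri.data(), uri.size());
    return static_cast<long>(uri.size());
}

// Stores the printer's return value as slen without checking it.
demo_str store_contact(const std::string &contact, char (&buf)[128])
{
    demo_str s = { buf, demo_print(contact, buf, sizeof(buf)) };
    return s;
}

// Pre-patch conversion: only the pointer is checked.
std::string to_string_unchecked(const demo_str &s)
{
    return s.ptr ? std::string(s.ptr, s.slen) : std::string();
}

// Post-patch conversion: a non-positive length yields an empty string.
std::string to_string_checked(const demo_str &s)
{
    return (s.ptr && s.slen > 0) ? std::string(s.ptr, s.slen) : std::string();
}

// True when the unchecked conversion throws (negative slen becomes a huge size_t).
bool unchecked_throws(const demo_str &s)
{
    try { to_string_unchecked(s); return false; }
    catch (const std::exception &) { return true; }
}

int main()
{
    char buf[128];  // the contact below is constructed and exceeds this buffer
    demo_str bad = store_contact("sip:alice@example.com;token=" + std::string(200, 'A'), buf);
    std::printf("slen=%ld unchecked_throws=%d checked_empty=%d\n", bad.slen,
                unchecked_throws(bad), to_string_checked(bad).empty());
}
```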

