
sipp-3.2-2.fc15.src.rpm

From 9625749ee12dfc5de74473d3229db3d8673396f4 Mon Sep 17 00:00:00 2001
From: Peter Lemenkov <lemenkov@gmail.com>
Date: Wed, 27 Jan 2010 09:46:03 +0300
Subject: [PATCH 2/5] -Fix for CVE-2008-2085.
  Taken from Fedoraproject repository - see this link:
  http://cvs.fedoraproject.org/viewvc/rpms/sipp/devel/sipp--CVE-2008-2085-fix.diff?content-type=text%2Fplain&view=co

Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
---
 call.cpp |   41 +++++++++++++++++++++++++++++++++--------
 1 files changed, 33 insertions(+), 8 deletions(-)

diff --git a/call.cpp b/call.cpp
index ebef278..6360d51 100644
--- a/call.cpp
+++ b/call.cpp
@@ -133,17 +133,26 @@ uint32_t get_remote_ip_media(char *msg)
     char pattern[] = "c=IN IP4 ";
     char *begin, *end;
     char ip[32];
-    begin = strstr(msg, pattern);
+    char *tmp = strdup(msg);
+
+    if(!tmp) return INADDR_NONE;
+    begin = strstr(tmp, pattern);
     if (!begin) {
+      free(tmp);
       /* Can't find what we're looking at -> return no address */
       return INADDR_NONE;
     }
     begin += sizeof("c=IN IP4 ") - 1;
     end = strstr(begin, "\r\n");
-    if (!end)
+    if (!end){
+      free(tmp);
       return INADDR_NONE;
+    }
+    *end = 0;
     memset(ip, 0, 32);
-    strncpy(ip, begin, end - begin);
+    strncpy(ip, begin, sizeof(ip) - 1);
+    ip[sizeof(ip) - 1] = 0;
+    free(tmp);
     return inet_addr(ip);
 }
 
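Review bot: An over-long value between `c=IN IP4 ` and the CRLF is silently cut to 31 bytes by `strncpy(ip, begin, sizeof(ip) - 1)`, and the truncated text is still handed to `inet_addr()`, so a malformed SDP line is parsed instead of rejected. Rejecting it before the copy is safer: `if ((size_t)(end - begin) >= sizeof(ip)) { free(tmp); return INADDR_NONE; }`. With that length check in place, the `strdup()` of the whole message and the `*end = 0` write are likely unnecessary, since `memcpy(ip, begin, end - begin)` into the zeroed buffer is then bounded. The same point applies to the IP6 hunk in get_remote_ipv6_media (128-byte `ip`, failure value 0). The function's opening lies outside the hunk.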
@@ -156,20 +165,28 @@ uint8_t get_remote_ipv6_media(char *msg, struct in6_addr *addr)
     char pattern[] = "c=IN IP6 ";
     char *begin, *end;
     char ip[128];
+    char *tmp = strdup(msg);
 
     memset(addr, 0, sizeof(*addr));
     memset(ip, 0, 128);
 
-    begin = strstr(msg, pattern);
+    if(!tmp) return 0;
+    begin = strstr(tmp, pattern);
     if (!begin) {
+      free(tmp);
       /* Can't find what we're looking at -> return no address */
       return 0;
     }
     begin += sizeof("c=IN IP6 ") - 1;
     end = strstr(begin, "\r\n");
-    if (!end)
+    if (!end){
+      free(tmp);
       return 0;
-    strncpy(ip, begin, end - begin);
+    }
+    *end = 0;
+    strncpy(ip, begin, sizeof(ip) - 1);
+    ip[sizeof(ip) - 1] = 0;
+    free(tmp);
     if (!inet_pton(AF_INET6, ip, addr)) {
       return 0;
     }
@@ -196,17 +213,25 @@ uint16_t get_remote_port_media(char *msg, int pattype)
 	ERROR("Internal error: Undefined media pattern %d\n", 3);
     }
 
-    begin = strstr(msg, pattern);
+    char *tmp = strdup(msg);
+    if(!tmp) return 0;
+    begin = strstr(tmp, pattern);
     if (!begin) {
+      free(tmp);
       /* m=audio not found */
       return 0;
     }
     begin += strlen(pattern) - 1;
     end = strstr(begin, "\r\n");
-    if (!end)
+    if (!end){
+      free(tmp);
       ERROR("get_remote_port_media: no CRLF found");
+    }
+    *end = 0;
     memset(number, 0, sizeof(number));
     strncpy(number, begin, sizeof(number) - 1);
+    number[sizeof(number) - 1] = 0;
+    free(tmp);
     return atoi(number);
 }
 
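Review bot: The `*end = 0;` after the `if (!end){ ... }` block dereferences a null pointer, and the later `free(tmp)` frees the buffer a second time, if `ERROR()` ever returns; the old code never touched `end` on that path. Nothing in the hunk shows that ERROR is noreturn, so either add `return 0;` after the ERROR call or add a comment such as `/* ERROR() terminates the process; not reached */`. Separately, the text passed to `atoi()` comes from the remote SDP and is narrowed to uint16_t with no range check; `strtol` with a 0–65535 bound would make a bad port fail visibly. The start of get_remote_port_media, including the declaration of `number`, lies outside the hunk.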
-- 
1.7.3.5