Put a maximum limit on the number of payloads accepted, and also make sure a given payload does not exceed our maximum value.

(AST-2008-002) git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.4@109386 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2025-09-24 14:56:58 +00:00 · 2008-03-18 14:58:39 +00:00
parent 7f77c58ed5
commit 5fda7910c6
2 changed files with 24 additions and 13 deletions
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -216,6 +216,8 @@ static int expiry = DEFAULT_EXPIRY;
 #define SIP_MAX_LINES                64               /*!< Max amount of lines in SIP attachment (like SDP) */
 #define SIP_MAX_PACKET               4096             /*!< Also from RFC 3261 (2543), should sub headers tho */
 #define SDP_MAX_RTPMAP_CODECS        32               /*!< Maximum number of codecs allowed in received SDP */
 #define INITIAL_CSEQ                 101              /*!< our initial sip sequence number */
 /*! \brief Global jitterbuffer configuration - by default, jb is disabled */
@@ -5032,7 +5034,7 @@ static int process_sdp(struct sip_pvt *p, struct sip_request *req)
 	int numberofmediastreams = 0;
 	int debug = sip_debug_test_pvt(p);
-	int found_rtpmap_codecs[32];
+	int found_rtpmap_codecs[SDP_MAX_RTPMAP_CODECS];
 	int last_rtpmap_codec=0;
 	if (!p->rtp) {
@@ -5305,24 +5307,30 @@ static int process_sdp(struct sip_pvt *p, struct sip_request *req)
 			/* We should propably check if this is an audio or video codec
 				so we know where to look */
-			/* Note: should really look at the 'freq' and '#chans' params too */
+			if (last_rtpmap_codec < SDP_MAX_RTPMAP_CODECS) {
-			if(ast_rtp_set_rtpmap_type(newaudiortp, codec, "audio", mimeSubtype,
+				/* Note: should really look at the 'freq' and '#chans' params too */
-					ast_test_flag(&p->flags[0], SIP_G726_NONSTANDARD) ? AST_RTP_OPT_G726_NONSTANDARD : 0) != -1) {
+				if(ast_rtp_set_rtpmap_type(newaudiortp, codec, "audio", mimeSubtype,
-				if (debug)
+							   ast_test_flag(&p->flags[0], SIP_G726_NONSTANDARD) ? AST_RTP_OPT_G726_NONSTANDARD : 0) != -1) {
 					ast_verbose("Found audio description format %s for ID %d\n", mimeSubtype, codec);
 				found_rtpmap_codecs[last_rtpmap_codec] = codec;
 				last_rtpmap_codec++;
 				found = TRUE;
 			} else if (p->vrtp) {
 				if(ast_rtp_set_rtpmap_type(newvideortp, codec, "video", mimeSubtype, 0) != -1) {
 					if (debug)
-						ast_verbose("Found video description format %s for ID %d\n", mimeSubtype, codec);
+						ast_verbose("Found audio description format %s for ID %d\n", mimeSubtype, codec);
 					found_rtpmap_codecs[last_rtpmap_codec] = codec;
 					last_rtpmap_codec++;
 					found = TRUE;
 				} else if (p->vrtp) {
 					if(ast_rtp_set_rtpmap_type(newvideortp, codec, "video", mimeSubtype, 0) != -1) {
 						if (debug)
 							ast_verbose("Found video description format %s for ID %d\n", mimeSubtype, codec);
 						found_rtpmap_codecs[last_rtpmap_codec] = codec;
 						last_rtpmap_codec++;
 						found = TRUE;
 					}
 				}
 			} else {
 				if (debug)
 					ast_verbose("Discarded description format %s for ID %d\n", mimeSubtype, codec);
 			}
 			if (!found) {
 				/* Remove this codec since it's an unknown media type for us */
 				/* XXX This is buggy since the media line for audio and video can have the
--- a/main/rtp.c
+++ b/main/rtp.c
@@ -1652,6 +1652,9 @@ void ast_rtp_set_m_type(struct ast_rtp* rtp, int pt)
    an unknown media type */
 void ast_rtp_unset_m_type(struct ast_rtp* rtp, int pt) 
 {
 	if (pt < 0 || pt > MAX_RTP_PT)
 		return; /* bogus payload type */
 	ast_mutex_lock(&rtp->bridge_lock);
 	rtp->current_RTP_PT[pt].isAstFormat = 0;
 	rtp->current_RTP_PT[pt].code = 0;