#211 fix for crash when Content-length too big - ID: 281827

ver 1.5.x
closed-accepted
modules (140)
5
2010-03-17
2010-03-01
Anonymous
No

are there any valid use cases for a content-length being bigger than the rest of of the packet?

i have not tested the issue with kamailio 3.0.

Discussion

  •  
    Attachments
  • Marcus Hunger
    Marcus Hunger
    2010-03-01

    sorry, i was not logged in while posting.

     
  • This should not happen, as both pairs (msg_buf,msg_len) and (body,body_len) are set internally. The issue with the nathelper was because the len was taken from content-lenght header, which can be wrong. The discussion ended in whether to auto-correct the content-lenght value or return 400 bad message. In 1.5 the fix to avoid crash was to return error to script, 400 can be sent by using sanity module.

     
  • Marcus Hunger
    Marcus Hunger
    2010-03-01

    so there's already a fix? i tried this on 1.5.4, and it crashed. maybe i made a mistake merging it to my branch. i am going to check this tomorrow.

     
  • Marcus Hunger
    Marcus Hunger
    2010-03-02

    i retried this with vanilla-kamailio 1.5.4 downloaded from kamailio.org and it crashs.

     
  • Patch applied.

     
    • assigned_to: nobody --> miconda
    • status: open --> closed-accepted