From 2c940567961a979dff77f1c0998784997c3fdf16 Mon Sep 17 00:00:00 2001
From: Guillaume BIENKOWSKI
Date: Thu, 30 Oct 2014 15:40:22 +0100
Subject: [PATCH] Fix SDP overflow commit
---
 coreapi/bellesip_sal/sal_op_call.c | 25 ++++++++++++++++++-------
 1 file changed, 18 insertions(+), 7 deletions(-)
diff --git a/coreapi/bellesip_sal/sal_op_call.c b/coreapi/bellesip_sal/sal_op_call.c
index bf352d1b4..fbed2cf18 100644
--- a/coreapi/bellesip_sal/sal_op_call.c
+++ b/coreapi/bellesip_sal/sal_op_call.c
@@ -75,22 +75,33 @@ static void sdp_process(SalOp *h){
 static int set_sdp(belle_sip_message_t *msg,belle_sdp_session_description_t* session_desc) {
 	belle_sip_header_content_type_t* content_type ;
 	belle_sip_header_content_length_t* content_length;
-	belle_sip_error_code error = BELLE_SIP_OK;
+	belle_sip_error_code error = BELLE_SIP_BUFFER_OVERFLOW;
 	size_t length = 0;
-	char buff[2048];
 	if (session_desc) {
+		size_t bufLen = 2048;
+		size_t hardlimit = 16*1024; /* 16k SDP limit seems reasonable */
+		char* buff = belle_sip_malloc(bufLen);
 		content_type = belle_sip_header_content_type_create("application","sdp");
-		error = belle_sip_object_marshal(BELLE_SIP_OBJECT(session_desc),buff,sizeof(buff),&length);
-		if (error != BELLE_SIP_OK) {
-			ms_error("Buffer too small or sdp too big");
+
+		/* try to marshal the description. This could go higher than 2k so we iterate */
+		while( error != BELLE_SIP_OK && bufLen <= hardlimit && buff != NULL){
+			error = belle_sip_object_marshal(BELLE_SIP_OBJECT(session_desc),buff,bufLen,&length);
+			if( error != BELLE_SIP_OK ){
+				bufLen *= 2;
+				buff = belle_sip_realloc(buff,bufLen);
+			}
+		}
+		/* give up if hard limit reached */
+		if (error != BELLE_SIP_OK || buff == NULL) {
+			ms_error("Buffer too small (%d) or not enough memory, giving up SDP", (int)bufLen);
 			return -1;
 		}
-		content_length= belle_sip_header_content_length_create(length);
+		content_length = belle_sip_header_content_length_create(length);
 		belle_sip_message_add_header(msg,BELLE_SIP_HEADER(content_type));
 		belle_sip_message_add_header(msg,BELLE_SIP_HEADER(content_length));
-		belle_sip_message_set_body(msg,buff,length);
+		belle_sip_message_assign_body(msg,buff,length);
 		return 0;
 	} else {
 		return -1;
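Review bot: The give-up path after the marshal loop leaks the heap buffer the commit introduces: `buff = belle_sip_realloc(buff,bufLen);` overwrites the only pointer to the old block when realloc returns NULL, and when the hard limit is reached `buff` is still allocated but `return -1;` frees nothing, so every oversized SDP costs up to 32 KiB that is never reclaimed (if a remote peer can drive the size of the session description this is a repeatable memory-exhaustion vector, which I have not verified from this hunk). The loop also doubles `bufLen` and reallocs before re-testing `hardlimit`, so the last failing iteration allocates a 32 KiB block the code never uses and the logged size overstates the limit; checking the limit before growing keeps the allocation bounded at 16 KiB as the comment intends. Note too that the loop retries on any non-OK `belle_sip_error_code`, not only a buffer overflow, so an unrelated marshal failure is reported as "Buffer too small" after four pointless reallocations; if a distinct overflow code is what marshal returns for a short buffer, testing for it specifically would be more accurate, but I cannot confirm that from the hunk. `set_sdp`'s closing brace lies outside the hunk. The rewrite below keeps the old block alive across a failed realloc and releases the buffer on every failure path (guarded because I cannot see whether `belle_sip_free` accepts NULL).
```c
		/* … unchanged: declarations and content_type creation … */
		while (error != BELLE_SIP_OK && buff != NULL) {
			error = belle_sip_object_marshal(BELLE_SIP_OBJECT(session_desc), buff, bufLen, &length);
			if (error != BELLE_SIP_OK) {
				char *grown;
				if (bufLen >= hardlimit) break; /* never grow past the hard limit */
				bufLen *= 2;
				grown = belle_sip_realloc(buff, bufLen);
				if (grown == NULL) {
					belle_sip_free(buff); /* realloc failure leaves the old block live */
					buff = NULL;
				} else {
					buff = grown;
				}
			}
		}
		/* give up if hard limit reached or out of memory */
		if (error != BELLE_SIP_OK || buff == NULL) {
			ms_error("Buffer too small (%d) or not enough memory, giving up SDP", (int)bufLen);
			if (buff != NULL) belle_sip_free(buff);
			return -1;
		}
		/* … unchanged: content-length header and body assignment … */
```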