--- call.cpp.cve20082085 2008-07-06 12:38:01.000000000 +0400
+++ call.cpp 2008-07-06 17:11:11.000000000 +0400
@@ -125,17 +125,26 @@
char pattern[] = "c=IN IP4 ";
char *begin, *end;
char ip[32];
- begin = strstr(msg, pattern);
+ char *tmp = strdup(msg);
+
+ if(!tmp) return INADDR_NONE;
+ begin = strstr(tmp, pattern);
if (!begin) {
+ free(tmp);
/* Can't find what we're looking at -> return no address */
return INADDR_NONE;
}
begin += sizeof("c=IN IP4 ") - 1;
end = strstr(begin, "\r\n");
- if (!end)
+ if (!end){
+ free(tmp);
return INADDR_NONE;
+ }
+ *end = 0;
memset(ip, 0, 32);
- strncpy(ip, begin, end - begin);
+ strncpy(ip, begin, sizeof(ip) - 1);
+ ip[sizeof(ip) - 1] = 0;
+ free(tmp);
return inet_addr(ip);
}
@@ -148,20 +157,28 @@
char pattern[] = "c=IN IP6 ";
char *begin, *end;
char ip[128];
+ char *tmp = strdup(msg);
memset(&addr, 0, sizeof(addr));
memset(ip, 0, 128);
- begin = strstr(msg, pattern);
+ if(!tmp) return 0;
+ begin = strstr(tmp, pattern);
if (!begin) {
+ free(tmp);
/* Can't find what we're looking at -> return no address */
return 0;
}
begin += sizeof("c=IN IP6 ") - 1;
end = strstr(begin, "\r\n");
- if (!end)
+ if (!end){
+ free(tmp);
return 0;
- strncpy(ip, begin, end - begin);
+ }
+ *end = 0;
+ strncpy(ip, begin, sizeof(ip) - 1);
+ ip[sizeof(ip) - 1] = 0;
+ free(tmp);
if (!inet_pton(AF_INET6, ip, &addr)) {
return 0;
}
@@ -188,17 +205,25 @@
ERROR("Internal error: Undefined media pattern %d\n", 3);
}
- begin = strstr(msg, pattern);
+ char *tmp = strdup(msg);
+ if(!tmp) return 0;
+ begin = strstr(tmp, pattern);
if (!begin) {
+ free(tmp);
/* m=audio not found */
return 0;
}
begin += strlen(pattern) - 1;
end = strstr(begin, "\r\n");
- if (!end)
+ if (!end){
+ free(tmp);
ERROR("get_remote_port_media: no CRLF found");
+ }
+ *end = 0;
memset(number, 0, sizeof(number));
strncpy(number, begin, sizeof(number) - 1);
+ number[sizeof(number) - 1] = 0;
+ free(tmp);
return atoi(number);
}