On Mar 31, 2009 at 10:57, Klaus Darilion klaus.mailinglists@pernau.at wrote:
Andrei Pelinescu-Onciul schrieb:
On Mar 30, 2009 at 16:06, Daniel-Constantin Mierla miconda@gmail.com wrote:
Hello,
the data lumps system is critically affected if content-length is wrong for UDP. The anchor_lump() calls abort() in the case content-length is higher than actually body length.
It's true that anchor_lump() calls abort if the offset passed to it is outside the message, but I don't see where anchor_lump() is called with a value depending on Content-Length (at least in sip-router and ser).
This can be prevented by called sanity module to check the content length, however, I consider being too drastic to have abort in such case, it would be better to return an error and let the sip router process other messages. Opinions?
Checking sip-router sources, it faces same issue.
Another option would be to correct the C-L value locally, but the right one is that phone vendor fixes its side.
It's fixed automatically in sip-router, if the destination protocol is tcp or tls.
How can this be fixed automatically? How will the proxy know when then body ends and the next message starts?
If the destination is tcp or tls, but the source is not (source is udp or sctp). One more clarification: it does not the fix the value of the content length visible from sr, it will fix the Content-Length header in the forwarded message.
regards klaus
PS: IMO the server should respond with "400 wrong content length" if accessing of the body is required and the length is wrong
Why would anyone use content-length for accessing the body in the first place? You always know (in sr/ser/k) where the message ends (msg->buf+msg->len) and where the body starts (get_body(msg)).
Andrei