FGCOM
/
pjproject
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request from GHSA-fq45-m3f7-3mhj

Browse Source 
* Initial patch

* Use 'pj_scan_is_eof(scanner)'

Co-authored-by: Aaron Lichtman <aaronlichtman@gmail.com>

* Use 'pj_scan_is_eof(scanner)'

Co-authored-by: Aaron Lichtman <aaronlichtman@gmail.com>

* Use 'pj_scan_is_eof(scanner)'

Co-authored-by: Aaron Lichtman <aaronlichtman@gmail.com>

* Use `!pj_scan_is_eof` instead of manually checking `scanner->curptr < scanner->end`

Co-authored-by: Maksim Mukosey <mmukosey@gmail.com>

* Update pjlib-util/src/pjlib-util/scanner.c

Co-authored-by: Aaron Lichtman <aaronlichtman@gmail.com>

* Update pjlib-util/src/pjlib-util/scanner.c

Co-authored-by: Aaron Lichtman <aaronlichtman@gmail.com>

* Update pjlib-util/src/pjlib-util/scanner.c

Co-authored-by: Aaron Lichtman <aaronlichtman@gmail.com>

* Revert '>=' back to '>' in pj_scan_stricmp_alnum()

* Fix error compiles.

Co-authored-by: Nanang Izzuddin <nanang@teluu.com>
Co-authored-by: Aaron Lichtman <aaronlichtman@gmail.com>
Co-authored-by: Maksim Mukosey <mmukosey@gmail.com>
remotes/origin/ip-change-early
sauwming 2 years ago committed by GitHub
parent e948f48e2e
commit c4d34984ec
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 48 additions and 28 deletions
Show Stats Download Patch File Download Diff File

41
pjlib-util/src/pjlib-util/scanner.c
Unescape View File

@ -195,7 +195,13 @@ PJ_DEF(void) pj_scan_skip_whitespace( pj_scanner *scanner )
PJ_DEF(void) pj_scan_skip_line( pj_scanner *scanner ) PJ_DEF(void) pj_scan_skip_line( pj_scanner *scanner )
{ {
char *s = pj_memchr(scanner->curptr, '\n', scanner->end - scanner->curptr); char *s;
if (pj_scan_is_eof(scanner)) {
return;
}
s = pj_memchr(scanner->curptr, '\n', scanner->end - scanner->curptr);
if (!s) { if (!s) {
scanner->curptr = scanner->end; scanner->curptr = scanner->end;
} else { } else {
@ -264,8 +270,7 @@ PJ_DEF(void) pj_scan_get( pj_scanner *scanner,
pj_assert(pj_cis_match(spec,0)==0); pj_assert(pj_cis_match(spec,0)==0);
/* EOF is detected implicitly */ if (pj_scan_is_eof(scanner) || !pj_cis_match(spec, *s)) {
if (!pj_cis_match(spec, *s)) {
pj_scan_syntax_err(scanner); pj_scan_syntax_err(scanner);
return; return;
} }
@ -299,8 +304,7 @@ PJ_DEF(void) pj_scan_get_unescape( pj_scanner *scanner,
/* Must not match character '%' */ /* Must not match character '%' */
pj_assert(pj_cis_match(spec,'%')==0); pj_assert(pj_cis_match(spec,'%')==0);
/* EOF is detected implicitly */ if (pj_scan_is_eof(scanner) || !pj_cis_match(spec, *s) && *s != '%') {
if (!pj_cis_match(spec, *s) && *s != '%') {
pj_scan_syntax_err(scanner); pj_scan_syntax_err(scanner);
return; return;
} }
@ -436,7 +440,9 @@ PJ_DEF(void) pj_scan_get_n( pj_scanner *scanner,
scanner->curptr += N; scanner->curptr += N;
if (PJ_SCAN_IS_PROBABLY_SPACE(*scanner->curptr) && scanner->skip_ws) { if (!pj_scan_is_eof(scanner) &&
PJ_SCAN_IS_PROBABLY_SPACE(*scanner->curptr) && scanner->skip_ws)
{
pj_scan_skip_whitespace(scanner); pj_scan_skip_whitespace(scanner);
} }
} }
@ -467,15 +473,16 @@ PJ_DEF(int) pj_scan_get_char( pj_scanner *scanner )
PJ_DEF(void) pj_scan_get_newline( pj_scanner *scanner ) PJ_DEF(void) pj_scan_get_newline( pj_scanner *scanner )
{ {
if (!PJ_SCAN_IS_NEWLINE(*scanner->curptr)) { if (pj_scan_is_eof(scanner) || !PJ_SCAN_IS_NEWLINE(*scanner->curptr)) {
pj_scan_syntax_err(scanner); pj_scan_syntax_err(scanner);
return; return;
} }
/* We have checked scanner->curptr validity above */
if (*scanner->curptr == '\r') { if (*scanner->curptr == '\r') {
++scanner->curptr; ++scanner->curptr;
} }
if (*scanner->curptr == '\n') { if (!pj_scan_is_eof(scanner) && *scanner->curptr == '\n') {
++scanner->curptr; ++scanner->curptr;
} }
@ -520,7 +527,9 @@ PJ_DEF(void) pj_scan_get_until( pj_scanner *scanner,
scanner->curptr = s; scanner->curptr = s;
if (PJ_SCAN_IS_PROBABLY_SPACE(*s) && scanner->skip_ws) { if (!pj_scan_is_eof(scanner) && PJ_SCAN_IS_PROBABLY_SPACE(*s) &&
scanner->skip_ws)
{
pj_scan_skip_whitespace(scanner); pj_scan_skip_whitespace(scanner);
} }
} }
@ -544,7 +553,9 @@ PJ_DEF(void) pj_scan_get_until_ch( pj_scanner *scanner,
scanner->curptr = s; scanner->curptr = s;
if (PJ_SCAN_IS_PROBABLY_SPACE(*s) && scanner->skip_ws) { if (!pj_scan_is_eof(scanner) && PJ_SCAN_IS_PROBABLY_SPACE(*s) &&
scanner->skip_ws)
{
pj_scan_skip_whitespace(scanner); pj_scan_skip_whitespace(scanner);
} }
} }
@ -570,7 +581,9 @@ PJ_DEF(void) pj_scan_get_until_chr( pj_scanner *scanner,
scanner->curptr = s; scanner->curptr = s;
if (PJ_SCAN_IS_PROBABLY_SPACE(*s) && scanner->skip_ws) { if (!pj_scan_is_eof(scanner) && PJ_SCAN_IS_PROBABLY_SPACE(*s) &&
scanner->skip_ws)
{
pj_scan_skip_whitespace(scanner); pj_scan_skip_whitespace(scanner);
} }
} }
@ -585,7 +598,9 @@ PJ_DEF(void) pj_scan_advance_n( pj_scanner *scanner,
scanner->curptr += N; scanner->curptr += N;
if (PJ_SCAN_IS_PROBABLY_SPACE(*scanner->curptr) && skip_ws) { if (!pj_scan_is_eof(scanner) &&
PJ_SCAN_IS_PROBABLY_SPACE(*scanner->curptr) && skip_ws)
{
pj_scan_skip_whitespace(scanner); pj_scan_skip_whitespace(scanner);
} }
} }
@ -636,5 +651,3 @@ PJ_DEF(void) pj_scan_restore_state( pj_scanner *scanner,
scanner->line = state->line; scanner->line = state->line;
scanner->start_line = state->start_line; scanner->start_line = state->start_line;
} }

11
pjmedia/src/pjmedia/rtp.c
Unescape View File

@ -188,6 +188,11 @@ PJ_DEF(pj_status_t) pjmedia_rtp_decode_rtp2(
/* Payload is located right after header plus CSRC */ /* Payload is located right after header plus CSRC */
offset = sizeof(pjmedia_rtp_hdr) + ((*hdr)->cc * sizeof(pj_uint32_t)); offset = sizeof(pjmedia_rtp_hdr) + ((*hdr)->cc * sizeof(pj_uint32_t));
/* Check that offset is less than packet size */
if (offset >= pkt_len) {
return PJMEDIA_RTP_EINLEN;
}
/* Decode RTP extension. */ /* Decode RTP extension. */
if ((*hdr)->x) { if ((*hdr)->x) {
if (offset + sizeof (pjmedia_rtp_ext_hdr) > (unsigned)pkt_len) if (offset + sizeof (pjmedia_rtp_ext_hdr) > (unsigned)pkt_len)
@ -202,8 +207,8 @@ PJ_DEF(pj_status_t) pjmedia_rtp_decode_rtp2(
dec_hdr->ext_len = 0; dec_hdr->ext_len = 0;
} }
/* Check that offset is less than packet size */ /* Check again that offset is still less than packet size */
if (offset > pkt_len) if (offset >= pkt_len)
return PJMEDIA_RTP_EINLEN; return PJMEDIA_RTP_EINLEN;
/* Find and set payload. */ /* Find and set payload. */
@ -393,5 +398,3 @@ void pjmedia_rtp_seq_update( pjmedia_rtp_seq_session *sess,
seq_status->status.value = st.status.value; seq_status->status.value = st.status.value;
} }
} }

24
pjmedia/src/pjmedia/sdp.c
Unescape View File

@ -983,13 +983,13 @@ static void parse_version(pj_scanner *scanner,
ctx->last_error = PJMEDIA_SDP_EINVER; ctx->last_error = PJMEDIA_SDP_EINVER;
/* check equal sign */ /* check equal sign */
if (*(scanner->curptr+1) != '=') { if (scanner->curptr+1 >= scanner->end || *(scanner->curptr+1) != '=') {
on_scanner_error(scanner); on_scanner_error(scanner);
return; return;
} }
/* check version is 0 */ /* check version is 0 */
if (*(scanner->curptr+2) != '0') { if (scanner->curptr+2 >= scanner->end || *(scanner->curptr+2) != '0') {
on_scanner_error(scanner); on_scanner_error(scanner);
return; return;
} }
@ -1006,7 +1006,7 @@ static void parse_origin(pj_scanner *scanner, pjmedia_sdp_session *ses,
ctx->last_error = PJMEDIA_SDP_EINORIGIN; ctx->last_error = PJMEDIA_SDP_EINORIGIN;
/* check equal sign */ /* check equal sign */
if (*(scanner->curptr+1) != '=') { if (scanner->curptr+1 >= scanner->end || *(scanner->curptr+1) != '=') {
on_scanner_error(scanner); on_scanner_error(scanner);
return; return;
} }
@ -1052,7 +1052,7 @@ static void parse_time(pj_scanner *scanner, pjmedia_sdp_session *ses,
ctx->last_error = PJMEDIA_SDP_EINTIME; ctx->last_error = PJMEDIA_SDP_EINTIME;
/* check equal sign */ /* check equal sign */
if (*(scanner->curptr+1) != '=') { if (scanner->curptr+1 >= scanner->end || *(scanner->curptr+1) != '=') {
on_scanner_error(scanner); on_scanner_error(scanner);
return; return;
} }
@ -1080,7 +1080,7 @@ static void parse_generic_line(pj_scanner *scanner, pj_str_t *str,
ctx->last_error = PJMEDIA_SDP_EINSDP; ctx->last_error = PJMEDIA_SDP_EINSDP;
/* check equal sign */ /* check equal sign */
if (*(scanner->curptr+1) != '=') { if ((scanner->curptr+1 >= scanner->end) || *(scanner->curptr+1) != '=') {
on_scanner_error(scanner); on_scanner_error(scanner);
return; return;
} }
@ -1149,7 +1149,7 @@ static void parse_media(pj_scanner *scanner, pjmedia_sdp_media *med,
ctx->last_error = PJMEDIA_SDP_EINMEDIA; ctx->last_error = PJMEDIA_SDP_EINMEDIA;
/* check the equal sign */ /* check the equal sign */
if (*(scanner->curptr+1) != '=') { if (scanner->curptr+1 >= scanner->end || *(scanner->curptr+1) != '=') {
on_scanner_error(scanner); on_scanner_error(scanner);
return; return;
} }
@ -1164,6 +1164,10 @@ static void parse_media(pj_scanner *scanner, pjmedia_sdp_media *med,
/* port */ /* port */
pj_scan_get(scanner, &cs_token, &str); pj_scan_get(scanner, &cs_token, &str);
med->desc.port = (unsigned short)pj_strtoul(&str); med->desc.port = (unsigned short)pj_strtoul(&str);
if (pj_scan_is_eof(scanner)) {
on_scanner_error(scanner);
return;
}
if (*scanner->curptr == '/') { if (*scanner->curptr == '/') {
/* port count */ /* port count */
pj_scan_get_char(scanner); pj_scan_get_char(scanner);
@ -1175,7 +1179,7 @@ static void parse_media(pj_scanner *scanner, pjmedia_sdp_media *med,
} }
if (pj_scan_get_char(scanner) != ' ') { if (pj_scan_get_char(scanner) != ' ') {
PJ_THROW(SYNTAX_ERROR); on_scanner_error(scanner);
} }
/* transport */ /* transport */
@ -1183,7 +1187,7 @@ static void parse_media(pj_scanner *scanner, pjmedia_sdp_media *med,
/* format list */ /* format list */
med->desc.fmt_count = 0; med->desc.fmt_count = 0;
while (*scanner->curptr == ' ') { while (scanner->curptr < scanner->end && *scanner->curptr == ' ') {
pj_str_t fmt; pj_str_t fmt;
pj_scan_get_char(scanner); pj_scan_get_char(scanner);
@ -1223,7 +1227,7 @@ static pjmedia_sdp_attr *parse_attr( pj_pool_t *pool, pj_scanner *scanner,
attr = PJ_POOL_ALLOC_T(pool, pjmedia_sdp_attr); attr = PJ_POOL_ALLOC_T(pool, pjmedia_sdp_attr);
/* check equal sign */ /* check equal sign */
if (*(scanner->curptr+1) != '=') { if (scanner->curptr+1 >= scanner->end || *(scanner->curptr+1) != '=') {
on_scanner_error(scanner); on_scanner_error(scanner);
return NULL; return NULL;
} }
@ -1242,7 +1246,7 @@ static pjmedia_sdp_attr *parse_attr( pj_pool_t *pool, pj_scanner *scanner,
pj_scan_get_char(scanner); pj_scan_get_char(scanner);
/* get value */ /* get value */
if (*scanner->curptr != '\r' && *scanner->curptr != '\n') { if (!pj_scan_is_eof(scanner) && *scanner->curptr != '\r' && *scanner->curptr != '\n') {
pj_scan_get_until_chr(scanner, "\r\n", &attr->value); pj_scan_get_until_chr(scanner, "\r\n", &attr->value);
} else { } else {
attr->value.ptr = NULL; attr->value.ptr = NULL;

Write Preview
Loading…
Cancel
Save