From 2fcad6193b785955ec7a9adecdfe3a8edf8d33a9 Mon Sep 17 00:00:00 2001
From: Guillaume Roguez <guillaume.roguez@savoirfairelinux.com>
Date: Wed, 21 Sep 2016 11:58:36 -0400
Subject: [PATCH] sip: prevent too long hostname when resolving

This patch fixes a PJSIP crash (assertion) caused by a too-long
hostname being passed to the resolve method.
We already check for that, but since PJSIP may prefix the given
name with a string such as "_sip._udp.", the check is not enough.
This patch adds a safety margin of 12 bytes to handle that.

Change-Id: Icb47e7d105ef0c8a9a10b1984f5e95bede623f8c
Tuleap: #969
---
 src/sip/sipvoiplink.cpp | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/sip/sipvoiplink.cpp b/src/sip/sipvoiplink.cpp
index 12c011030a..b5900fc781 100644
--- a/src/sip/sipvoiplink.cpp
+++ b/src/sip/sipvoiplink.cpp
@@ -1215,7 +1215,13 @@ resolver_callback(pj_status_t status, void *token, const struct pjsip_server_add
 void
 SIPVoIPLink::resolveSrvName(const std::string &name, pjsip_transport_type_e type, SrvResolveCallback cb)
 {
-    if (name.length() >= PJ_MAX_HOSTNAME) {
+    // PJSIP limits hostname to be longer than PJ_MAX_HOSTNAME.
+    // But, resolver prefix the given name by a string like "_sip._udp."
+    // causing a check against PJ_MAX_HOSTNAME to be useless.
+    // It's not easy to pre-determinate as it's implementation dependent.
+    // So we just choose a security marge enough for most cases, preventing a crash later
+    // in the call of pjsip_endpt_resolve().
+    if (name.length() > (PJ_MAX_HOSTNAME - 12)) {
         RING_ERR("Hostname is too long");
         cb({});
         return;
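Review bot: The margin in `if (name.length() > (PJ_MAX_HOSTNAME - 12))` is an unnamed literal, so nothing ties the 12 to the resolver prefix it is meant to absorb, and a longer prefix in a later PJSIP version would silently bring the assertion back. I would name it and write the test as an addition, so that it cannot wrap in unsigned arithmetic if the macro is ever smaller than the margin: `static constexpr std::size_t SRV_PREFIX_MARGIN = 12; // room for the SRV prefix PJSIP prepends, e.g. "_sip._udp."` followed by `if (name.length() + SRV_PREFIX_MARGIN > PJ_MAX_HOSTNAME) {`. As written, the bound appears to tolerate a prefix of at most 11 characters if PJSIP's limit includes the terminator, which is worth stating in the comment. The first comment line also reads inverted ("limits hostname to be longer than") and should say that PJSIP asserts on hostnames longer than PJ_MAX_HOSTNAME. The body of resolveSrvName continues past the end of this hunk, so whether the name is validated further before pjsip_endpt_resolve() cannot be seen here.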
-- 
GitLab