Fix out-of-bound read for invalid XML

In the given example, there is an invalid field: To: sut <sip:[service]@[remote_ip]:"remote_port]> There are no more quotes later. When we search for the terminating quote, nothing is found, so we skip to the end of the string. Then the loop continues, we have p++ and continue beyond the buffer. Fixes #727.
SIPp · Sep 10, 2024 · 6154ab1 · 6154ab1
1 parent fcd8f34
commit 6154ab1
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/src/message.cpp b/src/message.cpp
@@ -130,7 +130,9 @@ static char* quoted_strchr(const char* s, int c)
     for (p = s; *p && *p != c; p++) {
         if (*p == '"') {
             p++;
-            p += strcspn(p, "\"");
+            p += strcspn(p, "\"\n");
+            if (!*p)
+                break;
         }
     }