Fix out-of-bound read for invalid XML
In the given example, there is an invalid field:
To: sut <sip:[service]@[remote_ip]:"remote_port]>

There are no more quotes later. When we search for the terminating
quote, nothing is found, so we skip to the end of the string. Then
the loop continues, we have p++ and continue beyond the buffer.

Fixes #727.
orgads committed Sep 10, 2024
1 parent fcd8f34 commit eea7779
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion src/message.cpp
Expand Up @@ -130,7 +130,9 @@ static char* quoted_strchr(const char* s, int c)
for (p = s; *p && *p != c; p++) {
if (*p == '"') {
p++;
p += strcspn(p, "\"");
p += strcspn(p, "\"\n");

Check notice: Code scanning / CodeQL: For loop variable changed in body (Note). Loop counters should not be modified in the body of the loop.
if (!*p)
break;
}
}
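Review bot: in the quoted-string branch, the new stop set in `p += strcspn(p, "\"\n");` can leave p on a newline rather than on a closing quote, and the for loop's `p++` then steps over that newline without ever comparing it to `c`. If any caller searches with c == '\n', the end of the line containing the unterminated quote is skipped and the search carries on into the following line. Consider handling the newline case explicitly next to the added `if (!*p) break;`, for example by breaking when `*p == c` or by not consuming the newline so the loop condition can test it. A one-line comment stating that an unterminated quote is treated as ending at the line break would document the intent, and rewriting the scan as a while loop that advances p in one place would also clear the CodeQL note about modifying the loop variable in the body.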
