Merge pull request from GHSA-8w5j-6g2j-pxcp

Fix Heap-buffer-overflow in parse_descs and parse_message
freeswitch · May 25, 2022 · 907f2ac · 907f2ac
2 parents 5f18366 + c07f05a
commit 907f2ac
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/libsofia-sip-ua/sdp/sdp_parse.c b/libsofia-sip-ua/sdp/sdp_parse.c
@@ -396,6 +396,10 @@ static void parse_message(sdp_parser_t *p)
        record = next(&message, CRLF, strip)) {
     field = record[0];
 
+    if (strlen(record) < 2) {
+      return;
+    }
+
     rest = record + 2; rest += strspn(rest, strip);
 
     if (record[1] != '=') {
@@ -1763,6 +1767,10 @@ static void parse_descs(sdp_parser_t *p,
        record = next(&message, CRLF, strip)) {
     char field = record[0];
 
+    if (strlen(record) < 2) {
+      return;
+    }
+
     rest = record + 2; rest += strspn(rest, strip);
 
     if (record[1] == '=') switch (field) {