diff -pruN opal-2.2.2.orig/src/sip/sippdu.cxx opal-2.2.2/src/sip/sippdu.cxx
--- opal-2.2.2.orig/src/sip/sippdu.cxx 2006-05-06 18:05:13.000000000 +0200
+++ opal-2.2.2/src/sip/sippdu.cxx 2007-09-27 16:49:33.000000000 +0200
@@ -650,7 +650,7 @@ OpalTransportAddress SIPURL::GetHostAddr
 else
 addr += hostname;
- if (port != 0)
+ if (port > 0)
 addr.sprintf(":%u", port);
 return addr;
@@ -1751,6 +1751,17 @@ BOOL SIP_PDU::Read(OpalTransport & trans
 // get the SDP content
 PINDEX contentLength = mime.GetContentLength();
+
+ // assume entity bodies can't be longer than a UDP packet
+ if (contentLength > 1500) {
+ PTRACE(2, "SIP\tImplausibly long Content-Length " << contentLength << " received on " << transport);
+ return FALSE;
+ }
+ else if (contentLength < 0) {
+ PTRACE(2, "SIP\tImpossible negative Content-Length on " << transport);
+ return FALSE;
+ }
+
 if (contentLength > 0)
 transport.read(entityBody.GetPointer(contentLength+1), contentLength);
 entityBody[contentLength] = '\0';
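Review bot: The new `port > 0` test in the first hunk filters out only negative values and sets no upper bound, so a port above 65535 would still be formatted with `%u` if `port` is a wider signed type (its declaration is outside the hunk). A negative port is also dropped without any trace, so a malformed URL quietly yields an address with no explicit port. Consider `if (port > 0 && port <= 65535)` plus a `PTRACE` for the rejected case. The function body starts before the hunk.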
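Review bot: The literal `1500` in the new `contentLength > 1500` check is an Ethernet MTU rather than a UDP datagram limit, and it is applied to every `OpalTransport` passed to SIP_PDU::Read. If this path also serves stream transports, a legitimate larger body would be rejected as "implausibly long". A named constant with a comment stating where the bound comes from, e.g. `static const PINDEX MaxEntityBodyLength = 1500; // largest body accepted, sized for a single unfragmented datagram`, would make the limit auditable and easy to adjust per transport. Separately, the unchanged `transport.read(...)` line still ignores how many bytes actually arrived, so a declared length larger than the received body goes unnoticed; the stream state or byte count should be checked after the read, returning FALSE on a short read. The function continues outside the hunk, so later handling of `entityBody` is not visible here.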