diff options
| author | Anderson Lizardo <anderson.lizardo@openbossa.org> | 2013-02-15 11:07:51 -0400 |
|---|---|---|
| committer | Johan Hedberg <johan.hedberg@intel.com> | 2013-02-18 10:00:52 +0200 |
| commit | 1e75de470e439aaebce3f5c6370f64545026d7ac (patch) | |
| tree | 2e86d4203b07b9262ed78662f112609009a46c95 /lib | |
| parent | 67c7f0bf9b0c5d7023c60fdd4b0b287c212922e4 (diff) | |
lib: Validate DTDs when parsing LanguageBaseAttributeIDList
Also check if the required number of entries is present.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/sdp.c | 32 |
1 files changed, 25 insertions, 7 deletions
@@ -2019,19 +2019,30 @@ int sdp_get_lang_attr(const sdp_record_t *rec, sdp_list_t **langSeq) errno = ENODATA; return -1; } + + if (!SDP_IS_SEQ(sdpdata->dtd)) + goto invalid; curr_data = sdpdata->val.dataseq; + while (curr_data) { - sdp_data_t *pCode = curr_data; - sdp_data_t *pEncoding; - sdp_data_t *pOffset; + sdp_data_t *pCode, *pEncoding, *pOffset; + + pCode = curr_data; + if (pCode->dtd != SDP_UINT16) + goto invalid; + + /* LanguageBaseAttributeIDList entries are always grouped as + * triplets */ + if (!pCode->next || !pCode->next->next) + goto invalid; pEncoding = pCode->next; - if (!pEncoding) - break; + if (pEncoding->dtd != SDP_UINT16) + goto invalid; pOffset = pEncoding->next; - if (!pOffset) - break; + if (pOffset->dtd != SDP_UINT16) + goto invalid; lang = malloc(sizeof(sdp_lang_attr_t)); if (!lang) { @@ -2051,6 +2062,13 @@ int sdp_get_lang_attr(const sdp_record_t *rec, sdp_list_t **langSeq) } return 0; + +invalid: + sdp_list_free(*langSeq, free); + *langSeq = NULL; + errno = EINVAL; + + return -1; } int sdp_get_profile_descs(const sdp_record_t *rec, sdp_list_t **profDescSeq) |