Correct handling of unknown SDP stream types

When the patch to handle arbitrary SDP stream arrangements went into Asterisk, it also included an ability to transparently decline unknown stream types. The scanf calls used were not checked properly causing this part of the functionality to be broken. (closes issue ASTERISK-20203) ........ Merged revisions 373211 from http://svn.asterisk.org/svn/asterisk/branches/11 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@373212 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2012-09-20 13:04:22 +00:00 · 2012-09-20 13:04:22 +00:00 · afa6b8f320
parent 7b823e9f8e
commit afa6b8f320
1 changed files with 2 additions and 4 deletions
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@ -9871,10 +9871,8 @@ static int process_sdp(struct sip_pvt *p, struct sip_request *req, int t38action
 			}
 		} else {
 			char type[20] = {0,};
-			char *typelen = strchr(m, ' ');
-			if (typelen && typelen - m < 20 &&
-			    ((sscanf(m, "%s %30u/%30u %n", type, &x, &numberofports, &len) == 2 && len > 0) ||
-			     (sscanf(m, "%s %30u %n", type, &x, &len) == 1 && len > 0))) {
+			if ((sscanf(m, "%19s %30u/%30u %n", type, &x, &numberofports, &len) == 3 && len > 0) ||
+			     (sscanf(m, "%19s %30u %n", type, &x, &len) == 2 && len > 0)) {
 				/* produce zero-port m-line since it may be needed later
 				 * length is "m=" + type + " 0 " + remainder + "\0" */
 				if (!(offer->decline_m_line = ast_malloc(2 + strlen(type) + 3 + strlen(m + len) + 1))) {