7erryX created an issue (kamailio/kamailio#4451)
### Description
In [Commit
bf6bd11](https://github.com/kamailio/kamailio/commit/bf6bd11a9b969c02a106f94ebf40cefbe8028456)
`parse_content_length` in `src/core/parser/parse_content.c` was added a new
boundary check to prevent Out-of-bound memory operation. While there is a
similar function, `decode_mime_type` in `src/core/parser/parse_content.c`,
containing a similar logic flaw.
```C
while(p < end
&& (*p == ' ' || *p == '\t'
|| (*p == '\n' && (*(p + 1) == ' ' ||
*(p + 1) == '\t'))))
p++;
if(p == end)
goto error;
```
### Possible Solutions
Would it make sense to add a similar boundary check in the same way as
`bf6bd11` did by adding `p+1<end`?
Thank you for spending time reading this issue and apologies if I missed
anything.
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/4451
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/issues/[email protected]>_______________________________________________
Kamailio - Development Mailing List -- [email protected]
To unsubscribe send an email to [email protected]
Important: keep the mailing list in the recipients, do not reply only to the
sender!
