diff --git a/src/packet.c b/src/packet.c index 439e5ae..0c7ca80 100644 --- a/src/packet.c +++ b/src/packet.c @@ -144,6 +144,7 @@ packet_set_payload(packet_t *packet, u_char *payload, uint32_t payload_len) packet->payload = malloc(payload_len + 1); memset(packet->payload, 0, payload_len + 1); memcpy(packet->payload, payload, payload_len); + packet->payload[payload_len] = '\0'; packet->payload_len = payload_len; } } diff --git a/src/sip.c b/src/sip.c index 1a7f1b9..8ca068f 100644 --- a/src/sip.c +++ b/src/sip.c @@ -307,6 +307,11 @@ sip_validate_packet(packet_t *packet) } if (content_len < bodylen) { + // Check body ends with '\r\n' + if (payload[pmatch[1].rm_so + content_len - 1] != '\n') + return VALIDATE_NOT_SIP; + if (payload[pmatch[1].rm_so + content_len - 2] != '\r') + return VALIDATE_NOT_SIP; // We got more than one SIP message in the same packet packet_set_payload(packet, payload, pmatch[1].rm_so + content_len); return VALIDATE_MULTIPLE_SIP; @@ -716,7 +721,7 @@ sip_parse_msg_media(sip_msg_t *msg, const u_char *payload) // Check if we have attribute format string if (!strncmp(line, "a=rtpmap:", 9)) { - if (media && sscanf(line, "a=rtpmap:%u %[^ ]", &media_fmt_code, media_format)) { + if (media && sscanf(line, "a=rtpmap:%u %30[^ ]", &media_fmt_code, media_format)) { media_add_format(media, media_fmt_code, media_format); } }