|
|
@@ -314,7 +314,7 @@ int extract_candidate(str *body, sdp_stream_cell_t *stream)
|
|
|
int len, fl;
|
|
|
sdp_ice_attr_t *ice_attr;
|
|
|
|
|
|
- if((body->len < 12) || (strncasecmp(body->s, "a=candidate:", 12) != 0)) {
|
|
|
+ if((body->len <= 12) || (strncasecmp(body->s, "a=candidate:", 12) != 0)) {
|
|
|
/*LM_DBG("We are not pointing to an a=candidate: attribute =>`%.*s'\n", body->len, body->s); */
|
|
|
return -1;
|
|
|
}
|
|
|
@@ -332,6 +332,10 @@ int extract_candidate(str *body, sdp_stream_cell_t *stream)
|
|
|
|
|
|
start = space + 1;
|
|
|
len = len - (space - start + 1);
|
|
|
+ if(start + len > body->s + body->len) {
|
|
|
+ LM_ERR("no component in `a=candidate'\n");
|
|
|
+ return -1;
|
|
|
+ }
|
|
|
space = memchr(start, 32, len);
|
|
|
if(space == NULL) {
|
|
|
LM_ERR("no component in `a=candidate'\n");
|
Daniel-Constantin Mierla