libs/pjproject/patches/130-Parse-zero-length-multipart-body-parts-correctly.patch

   1 From f0c717463d569f87a16f9b014033c8ca8939a7b4 Mon Sep 17 00:00:00 2001
   2 From: Mark Michelson <mmichelson@digium.com>
   3 Date: Thu, 13 Apr 2017 16:59:40 -0500
   4 Subject: [PATCH] Parse zero-length multipart body parts correctly.
   5
   6 The calculation of end_body could result in a negative length being
   7 passed to multipart_body_parse_part().
   8 ---
   9  pjsip/src/pjsip/sip_multipart.c | 16 +++++++++-------
  10  1 file changed, 9 insertions(+), 7 deletions(-)
  11
  12 --- a/pjsip/src/pjsip/sip_multipart.c
  13 +++ b/pjsip/src/pjsip/sip_multipart.c
  14 @@ -646,13 +646,15 @@ PJ_DEF(pjsip_msg_body*) pjsip_multipart_
  15
  16         end_body = curptr;
  17
  18 -       /* The newline preceeding the delimiter is conceptually part of
  19 -        * the delimiter, so trim it from the body.
  20 -        */
  21 -       if (*(end_body-1) == '\n')
  22 -           --end_body;
  23 -       if (*(end_body-1) == '\r')
  24 -           --end_body;
  25 +       if (end_body > start_body) {
  26 +           /* The newline preceeding the delimiter is conceptually part of
  27 +            * the delimiter, so trim it from the body.
  28 +            */
  29 +           if (*(end_body-1) == '\n')
  30 +               --end_body;
  31 +           if (*(end_body-1) == '\r')
  32 +                --end_body;
  33 +       }
  34
  35         /* Now that we have determined the part's boundary, parse it
  36          * to get the header and body part of the part.