Internal Expiry storage not large enough

Gil Richard
Wed, Jun 19, 2019 1:18 PM

RFC 3261 [20.19] specifies the Expiry value of a method to be between 0
and 2^32-1 seconds.  Internally, the expiry value (stored as
pjsip_expires_hdr, which is pjsip_generic_int_hdr, which is pj_int32_t)
is a signed value, so when a method with a large expiry comes in, it
overflows.

I think the corrective action here would be to either change the expiry
variable to a pj_uint32_t or, if -1 is a valid internal value, pj_int64_t.

GIL RICHARD • SOFTWARE SYSTEMS DEVELOPER
INTERTALK CRITICAL INFORMATION SYSTEMS
P: +1 902-468-5998 /ext. 211/ • intertalksystems.com
http://www.intertalksystems.com/
Please consider the environment before printing this e-mail. The
information contained in this e-mail message, together with any
attachments thereto, are intended only for the personal and confidential
use of the addressee(s) named above. The message and the attachments are
or may be a privileged or protected communication. If you are not the
intended recipient of this message, or authorized to receive it for the
intended recipient, you have received this message in error. If you
received this message in error, you are not to review, use, disseminate,
distribute or copy it or any attachments and are requested to
immediately notify us by return e-mail message, and delete the original
message.
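
The wrap described in the message above, shown as an added example that is not part of the original thread and is not PJSIP code: an Expires value is parsed into an unsigned 32-bit range with an explicit bound check, and the same value is then viewed through a signed 32-bit field. The names `parse_expires` and `as_signed_field` and the sample values are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper (not a PJSIP API): parse a SIP Expires value
 * (RFC 3261 20.19: decimal, 0 .. 2^32-1) without signed overflow.
 * Returns 0 on success, -1 on malformed input, -2 if out of range. */
static int parse_expires(const char *s, uint32_t *out)
{
    uint64_t v = 0;
    size_t n = 0;

    for (; s[n] >= '0' && s[n] <= '9'; n++) {
        v = v * 10 + (uint64_t)(s[n] - '0');
        if (v > UINT32_MAX)
            return -2;              /* larger than the RFC allows */
    }
    if (n == 0 || s[n] != '\0')
        return -1;                  /* empty or trailing garbage */
    *out = (uint32_t)v;
    return 0;
}

/* What a signed 32-bit field makes of the same value. The conversion is
 * implementation-defined in C; on two's-complement targets it wraps. */
static int32_t as_signed_field(uint32_t v)
{
    return (int32_t)v;
}

int main(void)
{
    /* Constructed sample header values */
    const char *samples[] = { "3600", "2147483648", "4294967295", "4294967296" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t v;
        int rc = parse_expires(samples[i], &v);
        if (rc == 0)
            printf("%-11s u32=%lu  i32=%ld\n", samples[i],
                   (unsigned long)v, (long)as_signed_field(v));
        else
            printf("%-11s rejected (%d)\n", samples[i], rc);
    }
    return 0;
}
```

The largest value the RFC permits lands on -1 in the signed field, which is why the message asks whether -1 is already used internally before choosing between an unsigned 32-bit and a signed 64-bit type.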

Ming
Mon, Jun 24, 2019 10:37 AM

Hi Gil,

Thanks for reporting this. You are right of course, but we seem to need
more than changing the variable type in pjsip_generic_int_hdr, since there
are also other APIs which also take in the value of int.

We have created a ticket #2209
(https://trac.pjsip.org/repos/ticket/2209#ticket) for this, will update you
again when it's done.

Regards,
Ming

Visit our blog: http://blog.pjsip.org

pjsip mailing list
pjsip@lists.pjsip.org
http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org

Ming
Wed, Jul 10, 2019 2:52 PM

Hi Gil,

We have completed the ticket #2209
(https://trac.pjsip.org/repos/ticket/2209) and
it's quite a major change. Note also that it causes a few backward
compatibility issues, which can be found in the ticket page, or 2.10
milestone page (https://trac.pjsip.org/repos/milestone/release-2.10).

Best regards,
Ming
