From a933d99cc6339d77fe159c8dd70d9deeba5fdc3a Mon Sep 17 00:00:00 2001
From: Jason Stephenson <jstephenson@mvlc.org>
Date: Tue, 23 Oct 2012 10:36:48 -0400
Subject: [PATCH] LP#1070470: Limit variable fields to 255 characters.

The SIP2 protocol document specifies that variable fields are to be from
0 to 255 characters in length, not counting the field identifier or the
delimiter.

This branch adds some defensive coding to Sip::add_field to truncate any
field values that are longer than 255 characters to 255 characters before
adding them to the response.

Signed-off-by: Jason Stephenson <jstephenson@mvlc.org>
Signed-off-by: Galen Charlton <gmc@esilibrary.com>
---
 Sip.pm | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/Sip.pm b/Sip.pm
index 9dea1c1..a687cd7 100644
--- a/Sip.pm
+++ b/Sip.pm
@@ -90,6 +90,13 @@ sub add_field {
 	substr($value, $i, 1) = $ent;
     }
 
+    # SIP2 Protocol document specifies that variable fields are from 0
+    # to 255 characters in length.  We'll do a check of the field
+    # length and truncate if necessary.
+    if (length($value) > 255) {
+        $value = substr($value, 0, 255);
+    }
+
     return $field_id . $value . $field_delimiter;
 }
 #
-- 
2.11.0