From c011389c3fdeac7c7f120deece36948d84a77168 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=E9=98=BF=E6=96=8C?= <38912748@qq.com> Date: Sat, 21 Mar 2026 16:15:47 +0000 Subject: [PATCH] =?UTF-8?q?SDP=20=E6=B3=A8=E5=85=A5=E6=94=BB=E5=87=BB=20/?= =?UTF-8?q?=20=E9=9D=9E=E6=B3=95=20SDP=20=E5=8D=8F=E8=AE=AE=E6=95=B0?= =?UTF-8?q?=E6=8D=AE=20java.text.ParseException:=20[C@2f1fec26=20ID=20expe?= =?UTF-8?q?cted=20=20=20=20=20=20=20=20=20at=20gov.nist.core.LexerCore.mat?= =?UTF-8?q?ch(LexerCore.java:229)=20=20=20=20=20=20=20=20=20at=20gov.nist.?= =?UTF-8?q?javax.sdp.parser.OriginFieldParser.originField(OriginFieldParse?= =?UTF-8?q?r.java:90)=20=20=20=20=20=20=20=20=20at=20gov.nist.javax.sdp.pa?= =?UTF-8?q?rser.OriginFieldParser.parse(OriginFieldParser.java:108)=20=20?= =?UTF-8?q?=20=20=20=20=20=20=20at=20gov.nist.javax.sdp.parser.SDPAnnounce?= =?UTF-8?q?Parser.parse(SDPAnnounceParser.java:113)=20=20=20=20=20=20=20?= =?UTF-8?q?=20=20at=20javax.sdp.SdpFactory.createSessionDescription(SdpFac?= =?UTF-8?q?tory.java:129)=20=20=20=20=20=20=20=20=20at=20com.genersoft.iot?= =?UTF-8?q?.vmp.gb28181.utils.SipUtils.parseSDP(SipUtils.java:229)=20=20?= =?UTF-8?q?=20=20=20=20=20=20=20at=20com.genersoft.iot.vmp.gb28181.transmi?= =?UTF-8?q?t.event.request.impl.InviteRequestProcessor.decode(InviteReques?= =?UTF-8?q?tProcessor.java:275)=20=20=20=20=20=20=20=20=20at=20com.generso?= =?UTF-8?q?ft.iot.vmp.gb28181.transmit.event.request.impl.InviteRequestPro?= =?UTF-8?q?cessor.process(InviteRequestProcessor.java:125)=20=20=20=20=20?= =?UTF-8?q?=20=20=20=20at=20com.genersoft.iot.vmp.gb28181.transmit.SIPProc?= =?UTF-8?q?essorObserver.processRequest(SIPProcessorObserver.java:71)=20?= =?UTF-8?q?=20=20=20=20=20=20=20=20at=20java.base/jdk.internal.reflect.Dir?= =?UTF-8?q?ectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:?= =?UTF-8?q?103)=20=20=20=20=20=20=20=20=20at=20java.base/java.lang.reflect?= =?UTF-8?q?.Method.invoke(Method.java:580)=20=20=20=20=20=20=20=20=20at=20?= =?UTF-8?q?org.springframework.aop.support.AopUtils.invokeJoinpointUsingRe?= 
=?UTF-8?q?flection(AopUtils.java:359)=20=20=20=20=20=20=20=20=20at=20org.?= =?UTF-8?q?springframework.aop.framework.ReflectiveMethodInvocation.invoke?= =?UTF-8?q?Joinpoint(ReflectiveMethodInvocation.java:196)=20=20=20=20=20?= =?UTF-8?q?=20=20=20=20at=20org.springframework.aop.framework.ReflectiveMe?= =?UTF-8?q?thodInvocation.proceed(ReflectiveMethodInvocation.java:163)=20?= =?UTF-8?q?=20=20=20=20=20=20=20=20at=20org.springframework.aop.intercepto?= =?UTF-8?q?r.AsyncExecutionInterceptor.lambda$invoke$0(AsyncExecutionInter?= =?UTF-8?q?ceptor.java:114)=20=20=20=20=20=20=20=20=20at=20java.base/java.?= =?UTF-8?q?util.concurrent.FutureTask.run(FutureTask.java:317)=20=20=20=20?= =?UTF-8?q?=20=20=20=20=20at=20java.base/java.util.concurrent.ThreadPoolEx?= =?UTF-8?q?ecutor.runWorker(ThreadPoolExecutor.java:1144)=20=20=20=20=20?= =?UTF-8?q?=20=20=20=20at=20java.base/java.util.concurrent.ThreadPoolExecu?= =?UTF-8?q?tor$Worker.run(ThreadPoolExecutor.java:642)=20=20=20=20=20=20?= =?UTF-8?q?=20=20=20at=20java.base/java.lang.Thread.run(Thread.java:1583)?= =?UTF-8?q?=20java.text.ParseException:=20o=3D-=20'=20OR=20'a'=3D'a';=20--?= =?UTF-8?q?=201=20IN=20IP4=20179.43.150.26=20=20=20=20=20=20=20=20=20at=20?= =?UTF-8?q?gov.nist.javax.sdp.parser.OriginFieldParser.originField(OriginF?= =?UTF-8?q?ieldParser.java:103)=20=20=20=20=20=20=20=20=20at=20gov.nist.ja?= =?UTF-8?q?vax.sdp.parser.OriginFieldParser.parse(OriginFieldParser.java:1?= =?UTF-8?q?08)=20=20=20=20=20=20=20=20=20at=20gov.nist.javax.sdp.parser.SD?= =?UTF-8?q?PAnnounceParser.parse(SDPAnnounceParser.java:113)=20=20=20=20?= =?UTF-8?q?=20=20=20=20=20at=20javax.sdp.SdpFactory.createSessionDescripti?= =?UTF-8?q?on(SdpFactory.java:129)=20=20=20=20=20=20=20=20=20at=20com.gene?= =?UTF-8?q?rsoft.iot.vmp.gb28181.utils.SipUtils.parseSDP(SipUtils.java:229?= =?UTF-8?q?)=20=20=20=20=20=20=20=20=20at=20com.genersoft.iot.vmp.gb28181.?= =?UTF-8?q?transmit.event.request.impl.InviteRequestProcessor.decode(Invit?= 
=?UTF-8?q?eRequestProcessor.java:275)=20=20=20=20=20=20=20=20=20at=20com.?= =?UTF-8?q?genersoft.iot.vmp.gb28181.transmit.event.request.impl.InviteReq?= =?UTF-8?q?uestProcessor.process(InviteRequestProcessor.java:125)=20=20=20?= =?UTF-8?q?=20=20=20=20=20=20at=20com.genersoft.iot.vmp.gb28181.transmit.S?= =?UTF-8?q?IPProcessorObserver.processRequest(SIPProcessorObserver.java:71?= =?UTF-8?q?)=20=20=20=20=20=20=20=20=20at=20java.base/jdk.internal.reflect?= =?UTF-8?q?.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.j?= =?UTF-8?q?ava:103)=20=20=20=20=20=20=20=20=20at=20java.base/java.lang.ref?= =?UTF-8?q?lect.Method.invoke(Method.java:580)=20=20=20=20=20=20=20=20=20a?= =?UTF-8?q?t=20org.springframework.aop.support.AopUtils.invokeJoinpointUsi?= =?UTF-8?q?ngReflection(AopUtils.java:359)=20=20=20=20=20=20=20=20=20at=20?= =?UTF-8?q?org.springframework.aop.framework.ReflectiveMethodInvocation.in?= =?UTF-8?q?vokeJoinpoint(ReflectiveMethodInvocation.java:196)=20=20=20=20?= =?UTF-8?q?=20=20=20=20=20at=20org.springframework.aop.framework.Reflectiv?= =?UTF-8?q?eMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)?= =?UTF-8?q?=20=20=20=20=20=20=20=20=20at=20org.springframework.aop.interce?= =?UTF-8?q?ptor.AsyncExecutionInterceptor.lambda$invoke$0(AsyncExecutionIn?= =?UTF-8?q?terceptor.java:114)=20=20=20=20=20=20=20=20=20at=20java.base/ja?= =?UTF-8?q?va.util.concurrent.FutureTask.run(FutureTask.java:317)=20=20=20?= =?UTF-8?q?=20=20=20=20=20=20at=20java.base/java.util.concurrent.ThreadPoo?= =?UTF-8?q?lExecutor.runWorker(ThreadPoolExecutor.java:1144)=20=20=20=20?= =?UTF-8?q?=20=20=20=20=20at=20java.base/java.util.concurrent.ThreadPoolEx?= =?UTF-8?q?ecutor$Worker.run(ThreadPoolExecutor.java:642)=20=20=20=20=20?= =?UTF-8?q?=20=20=20=20at=20java.base/java.lang.Thread.run(Thread.java:158?= =?UTF-8?q?3)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: 阿斌 <38912748@qq.com>
---
 .../genersoft/iot/vmp/gb28181/utils/SipUtils.java | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/main/java/com/genersoft/iot/vmp/gb28181/utils/SipUtils.java b/src/main/java/com/genersoft/iot/vmp/gb28181/utils/SipUtils.java
index 90a7e2aac..831790357 100644
--- a/src/main/java/com/genersoft/iot/vmp/gb28181/utils/SipUtils.java
+++ b/src/main/java/com/genersoft/iot/vmp/gb28181/utils/SipUtils.java
@@ -204,6 +204,21 @@ public class SipUtils {
     }
 
     public static Gb28181Sdp parseSDP(String sdpStr) throws SdpParseException {
+
+        // 校验:拦截空内容与注入攻击特征
+        if (sdpStr == null || sdpStr.trim().isEmpty()) {
+            throw new SdpParseException(0, 0, "SDP内容为空");
+        }
+        // 标准SDP每行格式固定为 "x=value",不存在SQL关键字;出现则视为注入攻击
+        String sdpUpper = sdpStr.toUpperCase();
+        if (sdpUpper.contains("' OR '") || sdpUpper.contains("' OR 1") || sdpUpper.contains(" OR 1=1")
+                || sdpUpper.contains("--") || sdpUpper.contains("/*") || sdpUpper.contains("*/")
+                || sdpUpper.contains("DROP ") || sdpUpper.contains("INSERT ") || sdpUpper.contains("UPDATE ")
+                || sdpUpper.contains("DELETE ") || sdpUpper.contains("UNION ") || sdpUpper.contains("SELECT ")) {
+            log.error("[SDP注入攻击] 检测到非法SDP内容,已拒绝解析,内容长度: {}", sdpStr.length());
+            throw new SdpParseException(0, 0, "非法SDP内容");
+        }
+        //校验结束
         // jainSip不支持y= f=字段, 移除以解析。
         int ssrcIndex = sdpStr.indexOf("y=");