Pre Merge pull request !46 from 阿斌/N/A

部标-tcp空闲超时时间改为可配置
SDP 注入攻击 / 非法 SDP 协议数据
2026-06-29 21:47:50 +08:00 · 2026-05-20 03:21:45 +00:00 · 2026-05-20 11:20:56 +08:00 · 2026-03-21 16:15:47 +00:00
5 changed files with 30 additions and 4 deletions
--- a/src/main/java/com/genersoft/iot/vmp/gb28181/utils/SipUtils.java
+++ b/src/main/java/com/genersoft/iot/vmp/gb28181/utils/SipUtils.java
@ -205,6 +205,21 @@ public class SipUtils {
    }

    public static Gb28181Sdp parseSDP(String sdpStr) throws SdpParseException {
+        
+        // 校验：拦截空内容与注入攻击特征
+        if (sdpStr == null || sdpStr.trim().isEmpty()) {
+            throw new SdpParseException(0, 0, "SDP内容为空");
+        }
+        // 标准SDP每行格式固定为 "x=value"，不存在SQL关键字；出现则视为注入攻击
+        String sdpUpper = sdpStr.toUpperCase();
+        if (sdpUpper.contains("' OR '") || sdpUpper.contains("' OR 1") || sdpUpper.contains(" OR 1=1")
+                || sdpUpper.contains("--") || sdpUpper.contains("/*") || sdpUpper.contains("*/")
+                || sdpUpper.contains("DROP ") || sdpUpper.contains("INSERT ") || sdpUpper.contains("UPDATE ")
+                || sdpUpper.contains("DELETE ") || sdpUpper.contains("UNION ") || sdpUpper.contains("SELECT ")) {
+            log.error("[SDP注入攻击] 检测到非法SDP内容，已拒绝解析，内容长度: {}", sdpStr.length());
+            throw new SdpParseException(0, 0, "非法SDP内容");
+        }
+        //校验结束

        // jainSip不支持y= f=字段， 移除以解析。
        int ssrcIndex = sdpStr.indexOf("y=");
--- a/src/main/java/com/genersoft/iot/vmp/jt1078/codec/netty/TcpServer.java
+++ b/src/main/java/com/genersoft/iot/vmp/jt1078/codec/netty/TcpServer.java
@ -3,6 +3,7 @@ package com.genersoft.iot.vmp.jt1078.codec.netty;
 import com.genersoft.iot.vmp.jt1078.codec.decode.Jt808Decoder;
 import com.genersoft.iot.vmp.jt1078.codec.encode.Jt808Encoder;
 import com.genersoft.iot.vmp.jt1078.codec.encode.Jt808EncoderCmd;
+import com.genersoft.iot.vmp.jt1078.config.JT1078Config;
 import com.genersoft.iot.vmp.jt1078.proc.factory.CodecFactory;
 import com.genersoft.iot.vmp.jt1078.service.Ijt1078Service;
 import io.netty.bootstrap.ServerBootstrap;
@ -38,13 +39,15 @@ public class TcpServer {
    private EventLoopGroup workerGroup = null;
    private ApplicationEventPublisher applicationEventPublisher = null;
    private Ijt1078Service service = null;
+    private final JT1078Config jt1078Config;

    private final ByteBuf DECODER_JT808 = Unpooled.wrappedBuffer(new byte[]{0x7e});

-    public TcpServer(Integer port, ApplicationEventPublisher applicationEventPublisher, Ijt1078Service service) {
+    public TcpServer(Integer port, ApplicationEventPublisher applicationEventPublisher, Ijt1078Service service, JT1078Config jt1078Config) {
        this.port = port;
        this.applicationEventPublisher = applicationEventPublisher;
        this.service = service;
+        this.jt1078Config = jt1078Config;
    }

    private void startTcpServer() {
@ -63,7 +66,7 @@ public class TcpServer {
                        @Override
                        public void initChannel(NioSocketChannel channel) {
                            channel.pipeline()
-                                    .addLast(new IdleStateHandler(10, 0, 0, TimeUnit.MINUTES))
+                                    .addLast(new IdleStateHandler(jt1078Config.getReaderIdleTime(), 0, 0, TimeUnit.MINUTES))
                                    .addLast(new DelimiterBasedFrameDecoder(1024 * 2, DECODER_JT808))
                                    .addLast(new Jt808Decoder(applicationEventPublisher, service))
                                    .addLast(new Jt808Encoder())
--- a/src/main/java/com/genersoft/iot/vmp/jt1078/config/JT1078AutoConfiguration.java
+++ b/src/main/java/com/genersoft/iot/vmp/jt1078/config/JT1078AutoConfiguration.java
@ -26,8 +26,11 @@ public class JT1078AutoConfiguration {
    @Autowired
    private Ijt1078Service service;

+    @Autowired
+    private JT1078Config jt1078Config;
+
    @Bean(initMethod = "start", destroyMethod = "stop")
    public TcpServer jt1078Server(@Value("${jt1078.port}") Integer port) {
-        return new TcpServer(port, applicationEventPublisher, service);
+        return new TcpServer(port, applicationEventPublisher, service, jt1078Config);
    }
 }
--- a/src/main/java/com/genersoft/iot/vmp/jt1078/config/JT1078Config.java
+++ b/src/main/java/com/genersoft/iot/vmp/jt1078/config/JT1078Config.java
@ -17,4 +17,9 @@ public class JT1078Config {
    private String password;

    private Boolean record = false;
+
+    /**
+     * IdleStateHandler reader idle timeout, unit: minutes
+     */
+    private Integer readerIdleTime = 15;
 }
--- a/src/test/java/com/genersoft/iot/vmp/jt1078/JT1078ServerTest.java
+++ b/src/test/java/com/genersoft/iot/vmp/jt1078/JT1078ServerTest.java
@ -20,7 +20,7 @@ public class JT1078ServerTest {

    public static void main(String[] args) {
        System.out.println("Starting jt1078 server...");
-        TcpServer tcpServer = new TcpServer(21078, null, null);
+        TcpServer tcpServer = new TcpServer(21078, null, null, null);
        tcpServer.start();
        System.out.println("Start jt1078 server success!");