[Linphone-users] [PATCH] belle-spi crash with malformed linphone log entries

Sat, 21 Nov 2015 06:55:02 -0800 

Hi,
If for some reason linphone stores some log entries with empty fields, libbelle-sip crashes because it doesn't check input at all. The result is that linphone refuses to start and the user has to wipe their call log (assuming they're clever enough to find the cause of the problem). 

This attached patch fixes 3 of those crashes and allows linphone to start.

Regards,

François.


diff -Naur belle-sip-1.4.2-orig/src/belle_sip_headers_impl.c belle-sip-1.4.2-new/src/belle_sip_headers_impl.c
--- belle-sip-1.4.2-orig/src/belle_sip_headers_impl.c	2015-10-19 12:43:47.000000000 +0100
+++ belle-sip-1.4.2-new/src/belle_sip_headers_impl.c	2015-11-21 14:43:27.742412050 +0000
@@ -263,7 +263,11 @@
 }
 
 belle_sip_uri_t* belle_sip_header_address_get_uri(const belle_sip_header_address_t* address) {
-	return address->uri;
+	if (address) {
+		return address->uri;
+	} else {
+		return NULL;
+	}
 }
 
 void belle_sip_header_address_set_uri(belle_sip_header_address_t* address, belle_sip_uri_t* uri) {
diff -Naur belle-sip-1.4.2-orig/src/belle_sip_internal.h belle-sip-1.4.2-new/src/belle_sip_internal.h
--- belle-sip-1.4.2-orig/src/belle_sip_internal.h	2015-10-19 12:43:47.000000000 +0100
+++ belle-sip-1.4.2-new/src/belle_sip_internal.h	2015-11-21 14:40:31.276382513 +0000
@@ -291,7 +291,11 @@
 /*parameters accessors*/
 #define GET_SET_STRING(object_type,attribute) \
 	const char* object_type##_get_##attribute (const object_type##_t* obj) {\
-		return obj->attribute;\
+		if (obj) {\
+			return obj->attribute;\
+		} else {\
+			return NULL;\
+		}\
 	}\
 	void object_type##_set_##attribute (object_type##_t* obj,const char* value) {\
 		const char* previous_value = obj->attribute;  /*preserve if same value re-asigned*/ \
diff -Naur belle-sip-1.4.2-orig/src/belle_sip_object.c belle-sip-1.4.2-new/src/belle_sip_object.c
--- belle-sip-1.4.2-orig/src/belle_sip_object.c	2015-10-19 12:43:47.000000000 +0100
+++ belle-sip-1.4.2-new/src/belle_sip_object.c	2015-11-21 14:40:31.276382513 +0000
@@ -505,7 +505,10 @@
 }
 
 belle_sip_error_code belle_sip_object_marshal(belle_sip_object_t* obj, char* buff, size_t buff_size, size_t *offset) {
-	belle_sip_object_vptr_t *vptr=obj->vptr;
+	belle_sip_object_vptr_t *vptr = NULL;
+	if (obj != NULL) {
+		vptr=obj->vptr;
+	}
 	while (vptr != NULL) {
 		if (vptr->marshal != NULL) {
 			if (_belle_sip_object_marshal_check_enabled == TRUE)

_______________________________________________
Linphone-users mailing list
[email protected]
https://lists.nongnu.org/mailman/listinfo/linphone-users






















					Reply via email to