Module: kamailio
Branch: master
Commit: 53c27ac3eb3e762110bd5cf54e55ddd85a7973a1
URL: 
https://github.com/kamailio/kamailio/commit/53c27ac3eb3e762110bd5cf54e55ddd85a7973a1

Author: Daniel-Constantin Mierla <mico...@gmail.com>
Committer: Daniel-Constantin Mierla <mico...@gmail.com>
Date: 2017-12-08T08:57:17+01:00

app_mono: safety check beforing accessing field inside pointer

- zero terminated allocated strings

---

Modified: src/modules/app_mono/app_mono_api.c

---

Diff:  
https://github.com/kamailio/kamailio/commit/53c27ac3eb3e762110bd5cf54e55ddd85a7973a1.diff
Patch: 
https://github.com/kamailio/kamailio/commit/53c27ac3eb3e762110bd5cf54e55ddd85a7973a1.patch

---

diff --git a/src/modules/app_mono/app_mono_api.c 
b/src/modules/app_mono/app_mono_api.c
index 7bdfcb97a9..37ece204d2 100644
--- a/src/modules/app_mono/app_mono_api.c
+++ b/src/modules/app_mono/app_mono_api.c
@@ -136,7 +136,7 @@ int mono_sr_init_load(void)
        }
        mono_config_parse (NULL);
        mi = _sr_mono_load_list;
-       if(mi->domain != NULL)
+       if(mi && mi->domain != NULL)
        {
                LM_ERR("worker mono environment already initialized\n");
                return 0;
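Review bot: With the new `if(mi && mi->domain != NULL)` an empty `_sr_mono_load_list` no longer crashes here, but execution now continues past the check with `mi == NULL` into code that lies outside this hunk. That code should be confirmed to tolerate an empty list, or the function should bail out explicitly first with something like `if(mi == NULL) return 0;`, using whatever return value the callers expect for "nothing to load". For consistency with the right-hand operand, `mi != NULL` would read better than the bare `mi`. The body of mono_sr_init_load starts and ends outside the hunk.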
@@ -769,13 +769,14 @@ static int sr_mono_hdr_append (MonoString *hv)
        }
 
        hf = env_M->msg->last_header;
-       hdr = (char*)pkg_malloc(txt.len);
+       hdr = (char*)pkg_malloc(txt.len+1);
        if(hdr==NULL)
        {
                LM_ERR("no pkg memory left\n");
                goto error;
        }
        memcpy(hdr, txt.s, txt.len);
+       hdr[txt.len] = '\0';
        anchor = anchor_lump(env_M->msg,
                                hf->name.s + hf->len - env_M->msg->buf, 0, 0);
        if(insert_new_lump_before(anchor, hdr, txt.len, 0) == 0)
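Review bot: The result of `anchor_lump()` is passed straight to `insert_new_lump_before()` with no NULL check, so a failed anchor would presumably be dereferenced there. The same pattern appears in the sr_mono_hdr_insert hunk below. A guard such as `if(anchor == NULL) { pkg_free(hdr); goto error; }` right after the `anchor_lump()` call would close that path, assuming the `error` label (outside the hunk) does not already free `hdr`. The function's body starts and ends outside the hunk.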
@@ -863,13 +864,14 @@ static int sr_mono_hdr_insert (MonoString *hv)
 
        LM_DBG("insert hf: %s\n", txt.s);
        hf = env_M->msg->headers;
-       hdr = (char*)pkg_malloc(txt.len);
+       hdr = (char*)pkg_malloc(txt.len+1);
        if(hdr==NULL)
        {
                LM_ERR("no pkg memory left\n");
                goto error;
        }
        memcpy(hdr, txt.s, txt.len);
+       hdr[txt.len] = '\0';
        anchor = anchor_lump(env_M->msg,
                                hf->name.s + hf->len - env_M->msg->buf, 0, 0);
        if(insert_new_lump_before(anchor, hdr, txt.len, 0) == 0)
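Review bot: The buffer is now `txt.len+1` bytes with a terminator at `hdr[txt.len]`, while `insert_new_lump_before()` is still given `txt.len`, which a later reader could mistake for an off-by-one. A short comment above the allocation would record the intent, e.g. `/* extra byte holds a defensive '\0'; lump length remains txt.len */`. The same comment fits the sr_mono_hdr_append hunk above.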

