Module: kamailio Branch: master Commit: 18e485a3172055fa5c808c2423629d5bbd10b37e URL: https://github.com/kamailio/kamailio/commit/18e485a3172055fa5c808c2423629d5bbd10b37e
Author: Nacho Garcia Segovia <nacho...@zaleos.net> Committer: Victor Seva <linuxman...@torreviejawireless.org> Date: 2018-12-07T11:54:06+01:00 core: fixed segmentation fault when handling multipart bodies Function check_boundaries() in msg_translator.c not handling property the length of the buffers when it needs to repair the boundary, getting a negative lenght and causing a segmentation fault. --- Modified: src/core/msg_translator.c --- Diff: https://github.com/kamailio/kamailio/commit/18e485a3172055fa5c808c2423629d5bbd10b37e.diff Patch: https://github.com/kamailio/kamailio/commit/18e485a3172055fa5c808c2423629d5bbd10b37e.patch --- diff --git a/src/core/msg_translator.c b/src/core/msg_translator.c index a272aeb6bc..08e518a9d8 100644 --- a/src/core/msg_translator.c +++ b/src/core/msg_translator.c @@ -1838,10 +1838,10 @@ int check_boundaries(struct sip_msg *msg, struct dest_info *send_info) tmp.len = get_line(lb_t->s); if(tmp.len!=b.len || strncmp(b.s, tmp.s, b.len)!=0) { - LM_DBG("malformed bondary in the middle\n"); + LM_DBG("malformed boundary in the middle\n"); memcpy(pb, b.s, b.len); body.len = body.len + b.len; pb = pb + b.len; - t = lb_t->s.s - (lb_t->s.s + tmp.len); + t = lb_t->next->s.s - (lb_t->s.s + tmp.len); memcpy(pb, lb_t->s.s+tmp.len, t); pb = pb + t; /*LM_DBG("new chunk[%d][%.*s]\n", t, t, pb-t);*/ } _______________________________________________ Kamailio (SER) - Development Mailing List sr-dev@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
