Module: kamailio Branch: master Commit: 876787d977c46ffcb1288f5eb66e91145cba1061 URL: https://github.com/kamailio/kamailio/commit/876787d977c46ffcb1288f5eb66e91145cba1061
Author: Stefan Mititelu <stefan.mitit...@1and1.ro> Committer: Stefan Mititelu <stefan.mitit...@1and1.ro> Date: 2015-11-03T15:58:02+02:00 dialog: Sanity checks Add NULL checks for the parse_dlg_rr_param(). Segfault when 'did' parameter was empty in the Route header (e.g. 'did='). --- Modified: modules/dialog/dlg_handlers.c --- Diff: https://github.com/kamailio/kamailio/commit/876787d977c46ffcb1288f5eb66e91145cba1061.diff Patch: https://github.com/kamailio/kamailio/commit/876787d977c46ffcb1288f5eb66e91145cba1061.patch ---
diff --git a/modules/dialog/dlg_handlers.c b/modules/dialog/dlg_handlers.c
index f9a16ce..617502e 100644
--- a/modules/dialog/dlg_handlers.c
+++ b/modules/dialog/dlg_handlers.c
@@ -970,7 +970,29 @@ static inline int parse_dlg_rr_param(char *p, char *end, int *h_entry, int *h_id
 {
 char *s;
+ /* sanity checks */
+ if (!p) {
+ LM_ERR("NULL start of parameter string");
+ return -1;
+ }
+
+ if (!end) {
+ LM_ERR("NULL end of parameter string");
+ return -1;
+ }
+
+ if (!h_entry) {
+ LM_ERR("NULL h_entry");
+ return -1;
+ }
+
+ if (!h_id) {
+ LM_ERR("NULL h_id");
+ return -1;
+ }
+
 for ( s=p ; p<end && *p!=DLG_SEPARATOR ; p++ );
+
 if (*p!=DLG_SEPARATOR) {
 LM_ERR("malformed rr param '%.*s'\n", (int)(long)(end-s), s);
 return -1;
_______________________________________________ sr-dev mailing list sr-dev@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev
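Review bot: The check after the `for` loop still reads `*p` when the loop ran to `p == end`, so a non-NULL parameter with no separator (including an empty one where `p == end`) is tested one byte past its end; the added NULL checks do not cover that case. Since the commit message says the value comes from a Route header, the bound should be tested before the dereference: `if (p>=end || *p!=DLG_SEPARATOR) {`. The four new `LM_ERR` calls also omit the trailing `\n` that the existing `LM_ERR("malformed rr param '%.*s'\n", ...)` call carries, so these messages would presumably run into the next log line. The function body continues outside the hunk.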