[sr-dev] git:master:3a48835c: dialoplan: safe checks for match expression

Daniel-Constantin Mierla Mon, 19 Dec 2016 23:33:56 -0800

Module: kamailio
Branch: master
Commit: 3a48835cf68f583ff2fbd7cec9bd76ddc0a1b6fc
URL: 
https://github.com/kamailio/kamailio/commit/3a48835cf68f583ff2fbd7cec9bd76ddc0a1b6fc


Author: Daniel-Constantin Mierla <mico...@gmail.com>
Committer: Daniel-Constantin Mierla <mico...@gmail.com>
Date: 2016-12-20T08:32:03+01:00

dialoplan: safe checks for match expression

- test if null to avoid invalid use in comparison functions
- reported by Julia Boudniatsky

---

Modified: src/modules/dialplan/dp_repl.c

---

Diff:  
https://github.com/kamailio/kamailio/commit/3a48835cf68f583ff2fbd7cec9bd76ddc0a1b6fc.diff
Patch: 
https://github.com/kamailio/kamailio/commit/3a48835cf68f583ff2fbd7cec9bd76ddc0a1b6fc.patch

---

diff --git a/src/modules/dialplan/dp_repl.c b/src/modules/dialplan/dp_repl.c
index 0b16b0a..2c0d9b3 100644
--- a/src/modules/dialplan/dp_repl.c
+++ b/src/modules/dialplan/dp_repl.c
@@ -583,7 +583,7 @@ int translate(sip_msg_t *msg, str input, str *output, 
dpl_id_p idp,
        dpl_dyn_pcre_p rt = NULL;
 
        if(!input.s || !input.len) {
-               LM_ERR("invalid input string\n");
+               LM_WARN("invalid or empty input string to be matched\n");
                return -1;
        }
 
@@ -635,7 +635,8 @@ int translate(sip_msg_t *msg, str input, str *output, 
dpl_id_p idp,
 
                        case DP_EQUAL_OP:
                                LM_DBG("equal operator testing\n");
-                               if(rulep->match_exp.len != input.len) {
+                               if(rulep->match_exp.s==NULL
+                                               || rulep->match_exp.len != 
input.len) {
                                        rez = -1;
                                } else {
                                        rez = 
strncmp(rulep->match_exp.s,input.s,input.len);
@@ -645,11 +646,15 @@ int translate(sip_msg_t *msg, str input, str *output, 
dpl_id_p idp,
 
                        case DP_FNMATCH_OP:
                                LM_DBG("fnmatch operator testing\n");
-                               b = input.s[input.len];
-                               input.s[input.len] = '\0';
-                               rez = fnmatch(rulep->match_exp.s, input.s, 0);
-                               input.s[input.len] = b;
-                               rez = (rez==0)?0:-1;
+                               if(rulep->match_exp.s!=NULL) {
+                                       b = input.s[input.len];
+                                       input.s[input.len] = '\0';
+                                       rez = fnmatch(rulep->match_exp.s, 
input.s, 0);
+                                       input.s[input.len] = b;
+                                       rez = (rez==0)?0:-1;
+                               } else {
+                                       rez = -1;
+                               }
                                break;
 
                        default:


_______________________________________________
sr-dev mailing list
sr-dev@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev

[sr-dev] git:master:3a48835c: dialoplan: safe checks for match expression

Reply via email to