[sr-dev] git:4.4:39874e41: dialplan: safe checks for match expression

[Daniel-Constantin Mierla]

Module: kamailio
Branch: 4.4
Commit: 39874e415c754263e6c847bb19d89c5ef615e376
URL: 
https://github.com/kamailio/kamailio/commit/39874e415c754263e6c847bb19d89c5ef615e376

Author: Daniel-Constantin Mierla <mico...@gmail.com>
Committer: Daniel-Constantin Mierla <mico...@gmail.com>
Date: 2016-12-20T08:36:20+01:00

dialplan: safe checks for match expression

- test if null to avoid invalid use in comparison functions
- reported by Julia Boudniatsky
(backport of commit 3a48835cf68f583ff2fbd7cec9bd76ddc0a1b6fc)

---

Modified: modules/dialplan/dp_repl.c

---

Diff:  
https://github.com/kamailio/kamailio/commit/39874e415c754263e6c847bb19d89c5ef615e376.diff
Patch: 
https://github.com/kamailio/kamailio/commit/39874e415c754263e6c847bb19d89c5ef615e376.patch

---

diff --git a/modules/dialplan/dp_repl.c b/modules/dialplan/dp_repl.c
index 959c4bc..03727fd 100644
--- a/modules/dialplan/dp_repl.c
+++ b/modules/dialplan/dp_repl.c
@@ -583,7 +583,7 @@ int translate(sip_msg_t *msg, str input, str *output, 
dpl_id_p idp,
        dpl_dyn_pcre_p rt = NULL;
 
        if(!input.s || !input.len) {
-               LM_ERR("invalid input string\n");
+               LM_WARN("invalid or empty input string to be matched\n");
                return -1;
        }
 
@@ -635,7 +635,8 @@ int translate(sip_msg_t *msg, str input, str *output, 
dpl_id_p idp,
 
                        case DP_EQUAL_OP:
                                LM_DBG("equal operator testing\n");
-                               if(rulep->match_exp.len != input.len) {
+                               if(rulep->match_exp.s==NULL
+                                               || rulep->match_exp.len != 
input.len) {
                                        rez = -1;
                                } else {
                                        rez = 
strncmp(rulep->match_exp.s,input.s,input.len);
@@ -645,11 +646,15 @@ int translate(sip_msg_t *msg, str input, str *output, 
dpl_id_p idp,
 
                        case DP_FNMATCH_OP:
                                LM_DBG("fnmatch operator testing\n");
-                               b = input.s[input.len];
-                               input.s[input.len] = '\0';
-                               rez = fnmatch(rulep->match_exp.s, input.s, 0);
-                               input.s[input.len] = b;
-                               rez = (rez==0)?0:-1;
+                               if(rulep->match_exp.s!=NULL) {
+                                       b = input.s[input.len];
+                                       input.s[input.len] = '\0';
+                                       rez = fnmatch(rulep->match_exp.s, 
input.s, 0);
+                                       input.s[input.len] = b;
+                                       rez = (rez==0)?0:-1;
+                               } else {
+                                       rez = -1;
+                               }
                                break;
 
                        default:


_______________________________________________
sr-dev mailing list
sr-dev@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-dev