[sr-dev] git:5.0:06c6a73f: topoh: detect when via param is shorter than expected prefix
Henning Westerholt
hw at skalatan.de
Wed Apr 3 23:27:41 CEST 2019
Module: kamailio
Branch: 5.0
Commit: 06c6a73f05740bc017048c73a9479715f3d1ac0b
URL: https://github.com/kamailio/kamailio/commit/06c6a73f05740bc017048c73a9479715f3d1ac0b
Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Henning Westerholt <hw at skalatan.de>
Date: 2019-04-03T23:26:50+02:00
topoh: detect when via param is shorter than expected prefix
(cherry picked from commit e6950ffb1985493e717e3d774eddad779aed1514)
---
Modified: src/modules/topoh/th_msg.c
---
Diff: https://github.com/kamailio/kamailio/commit/06c6a73f05740bc017048c73a9479715f3d1ac0b.diff
Patch: https://github.com/kamailio/kamailio/commit/06c6a73f05740bc017048c73a9479715f3d1ac0b.patch
---
diff --git a/src/modules/topoh/th_msg.c b/src/modules/topoh/th_msg.c
index 3de34f13f1..f8a8180727 100644
--- a/src/modules/topoh/th_msg.c
+++ b/src/modules/topoh/th_msg.c
@@ -410,12 +410,17 @@ int th_unmask_via(sip_msg_t *msg, str *cookie)
LM_ERR("cannot find param in via %d\n", i);
return -1;
}
- if(i==2)
+ if(vp->value.len <= th_vparam_prefix.len) {
+ LM_ERR("invalid param len in via %d\n", i);
+ return -1;
+ }
+ if(i==2) {
out.s = th_mask_decode(vp->value.s, vp->value.len,
&th_vparam_prefix, CRLF_LEN+1, &out.len);
- else
+ } else {
out.s = th_mask_decode(vp->value.s, vp->value.len,
&th_vparam_prefix, 0, &out.len);
+ }
if(out.s==NULL || out.len<=0)
{
LM_ERR("cannot decode via %d\n", i);
More information about the sr-dev
mailing list