
<p><b>@urtho</b> commented on this pull request.</p>


<hr>


<p>In <a href="https://github.com/kamailio/kamailio/pull/2016#discussion_r307996650">src/modules/async/async_sleep.c</a>:</p>

<pre style='color:#555'>> +    ai = (async_ms_item_t *) ((char *)at +  sizeof(async_task_t) + sizeof(async_task_param_t));

+       ai->at = at;

+

+       if(cbname && cbname->len>=ASYNC_CBNAME_SIZE-1) {

+               LM_ERR("callback name is too long: %.*s\n", cbname->len, cbname->s);

+               return -1;

+       }

+

+       t = tmb.t_gett();

+       if(t == NULL || t == T_UNDEFINED) {

+               if(tmb.t_newtran(msg) < 0) {

+                       LM_ERR("cannot create the transaction\n");

+                       return -1;

+               }

+               t = tmb.t_gett();

+               if(t == NULL || t == T_UNDEFINED) {

</pre>

<p>The allocation is done too early. Moving it past all the input and transaction validation.</p>


<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/kamailio/kamailio/pull/2016?email_source=notifications&email_token=ABO7UZMXT76JUECXSARGCLLQBV5DVA5CNFSM4IHKWVP2YY3PNVWWK3TUL52HS4DFWFIHK3DMKJSXC5LFON2FEZLWNFSXPKTDN5WW2ZLOORPWSZGOB7Y35GI#discussion_r307996650">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/ABO7UZOMDKIJ5OR5OS4KLETQBV5DVANCNFSM4IHKWVPQ">mute the thread</a>.<img src="https://github.com/notifications/beacon/ABO7UZIVPXYWBFGC6HJMPODQBV5DVA5CNFSM4IHKWVP2YY3PNVWWK3TUL52HS4DFWFIHK3DMKJSXC5LFON2FEZLWNFSXPKTDN5WW2ZLOORPWSZGOB7Y35GI.gif" height="1" width="1" alt="" /></p>

<script type="application/ld+json">[

{

"@context": "http://schema.org",

"@type": "EmailMessage",

"potentialAction": {

"@type": "ViewAction",

"target": "https://github.com/kamailio/kamailio/pull/2016?email_source=notifications\u0026email_token=ABO7UZMXT76JUECXSARGCLLQBV5DVA5CNFSM4IHKWVP2YY3PNVWWK3TUL52HS4DFWFIHK3DMKJSXC5LFON2FEZLWNFSXPKTDN5WW2ZLOORPWSZGOB7Y35GI#discussion_r307996650",

"url": "https://github.com/kamailio/kamailio/pull/2016?email_source=notifications\u0026email_token=ABO7UZMXT76JUECXSARGCLLQBV5DVA5CNFSM4IHKWVP2YY3PNVWWK3TUL52HS4DFWFIHK3DMKJSXC5LFON2FEZLWNFSXPKTDN5WW2ZLOORPWSZGOB7Y35GI#discussion_r307996650",

"name": "View Pull Request"

},

"description": "View this Pull Request on GitHub",

"publisher": {

"@type": "Organization",

"name": "GitHub",

"url": "https://github.com"

}

}

]</script>