Module: sip-router Branch: pd/outbound Commit: 5ceef3cb48fc4b1e9c75abf91ba45f59f5125751 URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=5ceef3cb...
Author: Peter Dunkley peter.dunkley@crocodile-rcs.com Committer: Peter Dunkley peter.dunkley@crocodile-rcs.com Date: Mon Dec 31 12:54:37 2012 +0000
modules_k/outbound: tightened up error handling in decode_flow_token()
---
modules_k/outbound/ob_mod.c | 27 ++++++++++++++++++++++----- 1 files changed, 22 insertions(+), 5 deletions(-)
diff --git a/modules_k/outbound/ob_mod.c b/modules_k/outbound/ob_mod.c index 5b7b226..c9e55eb 100644 --- a/modules_k/outbound/ob_mod.c +++ b/modules_k/outbound/ob_mod.c @@ -95,8 +95,8 @@ static int mod_init(void) /* Structure of flow token
<HMAC-SHA1-80><protocol><dst_ip><dst_port><src_ip><src_port> - 10 + 1 + 16 + 2 + 16 + 2 - = 47 bytes maximum + 10 + 1 + 4or16 + 2 + 16 + 2 + = 35 bytes minimum and 47 bytes maximum
<protocol> specifies whether the addresses are IPv4 or IPv6 and the transport. @@ -105,9 +105,11 @@ static int mod_init(void)
IP addresses will be 4 (for IPv6) or 16 (for IPv6) bytes.
+ Minimum base64 encoded size: ceiling((35+2)/3)*4 = 52 bytes Maximum base64 encoded size: ceiling((47+2)/3)*4 = 68 bytes */
+#define UNENC_FLOW_TOKEN_MIN_LENGTH 35 #define UNENC_FLOW_TOKEN_MAX_LENGTH 47 #define SHA1_LENGTH 20 #define SHA1_80_LENGTH 10 @@ -169,10 +171,25 @@ int decode_flow_token(struct receive_info *rcv, str flow_token) { int pos = FLOW_TOKEN_START_POS, flow_length, i;
- if (flow_token.len > base64_enc_len(UNENC_FLOW_TOKEN_MAX_LENGTH)) + if (rcv == NULL) { - LM_INFO("bad flow token length. Length is %d, expected <= %d\n", - flow_token.len, UNENC_FLOW_TOKEN_MAX_LENGTH); + LM_ERR("bad receive_info structure provided\n"); + return -1; + } + + if (flow_token.s == NULL) + { + LM_INFO("no flow token provided\n"); + return -1; + } + + if (flow_token.len != base64_enc_len(UNENC_FLOW_TOKEN_MIN_LENGTH) + && flow_token.len != base64_enc_len(UNENC_FLOW_TOKEN_MAX_LENGTH)) + { + LM_INFO("bad flow token length. Length is %d, expected %d" + " or %d.\n", flow_token.len, + UNENC_FLOW_TOKEN_MIN_LENGTH, + UNENC_FLOW_TOKEN_MAX_LENGTH); return -1; }