Module: kamailio
Branch: 4.3
Commit: 83938d2153d0d33f1e3248a9ae280dae38440855
URL:
https://github.com/kamailio/kamailio/commit/83938d2153d0d33f1e3248a9ae280da…
Author: Stefan Mititelu <stefan.mititelu(a)1and1.ro>
Committer: Stefan Mititelu <stefan.mititelu(a)1and1.ro>
Date: 2015-11-03T16:55:13+02:00
dialog: Sanity checks
Add NULL checks to parse_dlg_rr_param().
Fixes a segfault that occurred when the 'did' parameter in the Route header
was empty (e.g. 'did=').
(cherry picked from commit 876787d977c46ffcb1288f5eb66e91145cba1061)
---
Modified: modules/dialog/dlg_handlers.c
---
Diff:
https://github.com/kamailio/kamailio/commit/83938d2153d0d33f1e3248a9ae280da…
Patch:
https://github.com/kamailio/kamailio/commit/83938d2153d0d33f1e3248a9ae280da…
---
diff --git a/modules/dialog/dlg_handlers.c b/modules/dialog/dlg_handlers.c
index 75dc86f..b20f795 100644
--- a/modules/dialog/dlg_handlers.c
+++ b/modules/dialog/dlg_handlers.c
@@ -970,7 +970,29 @@ static inline int parse_dlg_rr_param(char *p, char *end, int
*h_entry, int *h_id
{
char *s;
+ /* sanity checks */
+ if (!p) {
+ LM_ERR("NULL start of parameter string");
+ return -1;
+ }
+
+ if (!end) {
+ LM_ERR("NULL end of parameter string");
+ return -1;
+ }
+
+ if (!h_entry) {
+ LM_ERR("NULL h_entry");
+ return -1;
+ }
+
+ if (!h_id) {
+ LM_ERR("NULL h_id");
+ return -1;
+ }
+
for ( s=p ; p<end && *p!=DLG_SEPARATOR ; p++ );
+
if (*p!=DLG_SEPARATOR) {
LM_ERR("malformed rr param '%.*s'\n", (int)(long)(end-s), s);
return -1;
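Review bot: The new guards reject NULL pointers but not an empty or inverted range, and the check after the `for` loop still reads `*p` when the loop stopped at `p == end`, i.e. one byte past the parameter value. Testing the bound first, `if (p >= end || *p != DLG_SEPARATOR) {`, avoids that read, and an early `if (p >= end)` return would cover the empty `did=` case the commit message describes even when the caller passes non-NULL pointers. Whether the byte at `end` is readable depends on the caller's buffer, which is not visible here. The four added `LM_ERR` calls also lack the trailing `\n` that the existing "malformed rr param" message has. The body of parse_dlg_rr_param continues outside the hunk.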