[sr-dev] git:master:d6b0beb5: core: parser/contact - add limit for max number of contacts

Module: kamailio Branch: master Commit: d6b0beb5a219ae57a62e9e7201a6ec1fe66e5a96 URL: https://github.com/kamailio/kamailio/commit/d6b0beb5a219ae57a62e9e7201a6ec1… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2024-05-03T14:36:29+02:00 core: parser/contact - add limit for max number of contacts - defined to 256 --- Modified: src/core/parser/contact/contact.c --- Diff: https://github.com/kamailio/kamailio/commit/d6b0beb5a219ae57a62e9e7201a6ec1… Patch: https://github.com/kamailio/kamailio/commit/d6b0beb5a219ae57a62e9e7201a6ec1… --- diff --git a/src/core/parser/contact/contact.c b/src/core/parser/contact/contact.c index dd522a6cd3c..322a22e9590 100644 --- a/src/core/parser/contact/contact.c +++ b/src/core/parser/contact/contact.c @@ -221,6 +221,8 @@ static inline void contact_append(contact_t **head, contact_t *node) ptr->next = node; } +#define KSR_MAX_CONTACTS 256 + /* * Parse contacts in a Contact HF */ @@ -229,9 +231,11 @@ int parse_contacts(str *_s, contact_t **_c) contact_t *c; param_hooks_t hooks; str sv; + int n; sv = *_s; + n = 0; while(1) { /* Allocate and clear contact structure */ c = (contact_t *)pkg_malloc(sizeof(contact_t)); @@ -273,7 +277,6 @@ int parse_contacts(str *_s, contact_t **_c) LM_ERR("invalid contact uri\n"); goto error; } - if(_s->len == 0) goto ok; @@ -312,7 +315,12 @@ int parse_contacts(str *_s, contact_t **_c) contact_append(_c, c); c = NULL; + n++; + if(n > KSR_MAX_CONTACTS) { + LM_ERR("too many contacts: %d\n", n); + return -1; + } if(_s->len == 0) { LM_ERR("text after comma missing\n"); goto error;