Module: kamailio Branch: master Commit: 26ab0fcc97cbf0d6602454e60187a914f13424a2 URL: https://github.com/kamailio/kamailio/commit/26ab0fcc97cbf0d6602454e60187a914...
Author: Daniel-Constantin Mierla miconda@gmail.com Committer: Daniel-Constantin Mierla miconda@gmail.com Date: 2021-04-06T12:17:35+02:00
uac: do not free chunks already inserted as lumps
- if an error happens later, the pointers are already linked in sip_msg_t and will be freed there; freeing them here as well would result in a double free
---
Modified: src/modules/uac/replace.c
---
Diff: https://github.com/kamailio/kamailio/commit/26ab0fcc97cbf0d6602454e60187a914... Patch: https://github.com/kamailio/kamailio/commit/26ab0fcc97cbf0d6602454e60187a914...
---
diff --git a/src/modules/uac/replace.c b/src/modules/uac/replace.c
index 3a476a3d82..6e77eafe94 100644
--- a/src/modules/uac/replace.c
+++ b/src/modules/uac/replace.c
@@ -875,7 +875,7 @@ static void replace_callback(struct dlg_cell *dlg, int type,
 str old_uri;
 str* new_uri;
 str* new_display;
- str buf;
+ str buf = STR_NULL;
 char *p;
 unsigned int uac_flag;
 int dlgvar_index = 0;
@@ -968,11 +968,13 @@ static void replace_callback(struct dlg_cell *dlg, int type,
 buf.len = new_display->len;
 if (l==0 && (l=get_display_anchor(msg, hdr, body, &buf)) == 0) {
 LM_ERR("failed to insert anchor\n");
- goto free1;
+ pkg_free(buf.s);
+ return;
 }
 if (insert_new_lump_after(l, buf.s, buf.len, 0) == 0) {
 LM_ERR("insert new display lump failed\n");
- goto free1;
+ pkg_free(buf.s);
+ return;
 }
 }
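Review bot: In the second hunk (the display-name block), nothing records that `buf.s` changes owner once `insert_new_lump_after(l, buf.s, buf.len, 0)` succeeds, and that hand-off is what makes the later early returns correct. The two `pkg_free(buf.s)` calls are right only because no lump references the buffer yet; an error path added below that call later on would reintroduce the double free this commit removes. I would add, after the closing brace of that `if`, the comment `/* buf.s now belongs to the lump list of msg; it must not be freed here on later errors */`. `get_display_anchor()` is handed `&buf`, so it presumably may modify the buffer; its body and the allocation of `buf.s` are outside the hunk, so confirm it never leaves `buf.s` released or re-pointed when it returns 0.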
@@ -980,20 +982,22 @@ static void replace_callback(struct dlg_cell *dlg, int type,
 p = pkg_malloc( new_uri->len);
 if (!p) {
 PKG_MEM_ERROR;
- goto free1;
+ return;
 }
- memcpy( p, new_uri->s, new_uri->len);
+ memcpy(p, new_uri->s, new_uri->len);
/* build del/add lumps */
- l = del_lump( msg, old_uri.s-msg->buf, old_uri.len, 0);
+ l = del_lump(msg, old_uri.s-msg->buf, old_uri.len, 0);
 if (l==0) {
 LM_ERR("del lump failed\n");
- goto free2;
+ pkg_free(p);
+ return;
 }
if (insert_new_lump_after( l, p, new_uri->len, 0)==0) {
 LM_ERR("insert new lump failed\n");
- goto free2;
+ pkg_free(p);
+ return;
 }
/* register tm callback to change replies,
@@ -1007,12 +1011,6 @@ static void replace_callback(struct dlg_cell *dlg, int type,
 msg->msg_flags |= uac_flag;
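Review bot: In the third hunk (`@@ -980,20 +982,22 @@`), the `insert new lump failed` path frees `p` and returns while the lump created by `del_lump()` just above stays linked in `msg`, so on that path the old URI is marked for deletion with nothing to replace it. A similar partial state arises when `pkg_malloc` fails after the display lump from the previous hunk has already been inserted. `replace_callback` returns `void`, so the failure cannot be reported, and whether the caller drops or still forwards the message is not visible here. At minimum I would document it at that return, e.g. `/* the del lump stays in msg: the header is left without a URI on this path */`. The function body starts before the hunk and continues past its end.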
return;
-
-free2:
- pkg_free(p);
-
-free1:
- pkg_free(buf.s);
 }