git:master:20a75004: ims_registrar_scscf: fix uninitialized arguments in save() - sr-dev

29 Apr 2024

Module: kamailio
Branch: master
Commit: 20a75004d53a06da0f22b11804a4d83496ad8919
URL: https://github.com/kamailio/kamailio/commit/20a75004d53a06da0f22b11804a4d834...
Author: Alexander Couzens lynxis@fe80.eu
Committer: Henning Westerholt hw@gilawa.com
Date: 2024-04-29T19:27:15+02:00
ims_registrar_scscf: fix uninitialized arguments in save()
The script "save" command can be used with different arguments:
2, 3 and 4.
But internally for all save() calls the exact same function is use, w_save().
When calling save("PRE_REG_SAR_REPLY","location"); as given by the examples,
kamailio will call w_save().
Because the command code will cast the function pointer, the w_save() function
is called with 2 uninitialized arguments *mode, *c_flags.
mode is unused, seems a legacy argument. c_flags is referenced resulting in a crash
if not null.
Use separate wrapper functions to handle different argument number.
Fixes: a627c9a04a74 ("ims_registrar_scscf: Extend save() with optional flag")
---
Modified: src/modules/ims_registrar_scscf/ims_registrar_scscf_mod.c
---
Diff:  https://github.com/kamailio/kamailio/commit/20a75004d53a06da0f22b11804a4d834...
Patch: https://github.com/kamailio/kamailio/commit/20a75004d53a06da0f22b11804a4d834...
---

diff --git a/src/modules/ims_registrar_scscf/ims_registrar_scscf_mod.c b/src/modules/ims_registrar_scscf/ims_registrar_scscf_mod.c
index 07403a2b1e6..d17b5e38823 100644
--- a/src/modules/ims_registrar_scscf/ims_registrar_scscf_mod.c
+++ b/src/modules/ims_registrar_scscf/ims_registrar_scscf_mod.c
@@ -131,7 +131,9 @@ struct _pv_req_data _pv_treq;
 static int mod_init(void);
 static int child_init(int);
 static void mod_destroy(void);
-static int w_save(
+static int w_save2(struct sip_msg *_m, char *_route, char *_d);
+static int w_save3(struct sip_msg *_m, char *_route, char *_d, char *mode);
+static int w_save4(
    	struct sip_msg *_m, char *_route, char *_d, char *mode, char *_cflags);
 static int w_assign_server_unreg(
    	struct sip_msg *_m, char *_route, char *_d, char *_direction);
@@ -231,11 +233,11 @@ static pv_export_t mod_pvs[] = {
  * Exported functions
  */
 static cmd_export_t cmds[] = {
-		{"save", (cmd_function)w_save, 2, assign_save_fixup3_async, 0,
+		{"save", (cmd_function)w_save2, 2, assign_save_fixup3_async, 0,
    			REQUEST_ROUTE | ONREPLY_ROUTE},
-		{"save", (cmd_function)w_save, 3, assign_save_fixup3_async, 0,
+		{"save", (cmd_function)w_save3, 3, assign_save_fixup3_async, 0,
    			REQUEST_ROUTE | ONREPLY_ROUTE},
-		{"save", (cmd_function)w_save, 4, save_fixup3, free_uint_fixup,
+		{"save", (cmd_function)w_save4, 4, save_fixup3, free_uint_fixup,
    			REQUEST_ROUTE | ONREPLY_ROUTE},
    	{"lookup", (cmd_function)w_lookup, 1, domain_fixup, 0,
    			REQUEST_ROUTE | FAILURE_ROUTE},
@@ -677,9 +679,21 @@ AAAMessage *callback_cdp_request(AAAMessage *request, void *param)
 /*! \brief
  * Wrapper to save(location)
  */
-static int w_save(
+static int w_save2(struct sip_msg *_m, char *_route, char *_d)
+{
+	return save(_m, _d, _route, 0);
+}
+
+static int w_save3(struct sip_msg *_m, char *_route, char *_d, char *_mode)
+{
+	/* mode is unsed. Docs says legacy parameter? Maybe to be compatible with registrar/save? */
+	return save(_m, _d, _route, 0);
+}
+
+static int w_save4(
    	struct sip_msg *_m, char *_route, char *_d, char *mode, char *_cflags)
 {
+	/* mode is unsed. Docs says legacy parameter? Maybe to be compatible with registrar/save? */
    if(_cflags) {
    	return save(_m, _d, _route, ((int)(*_cflags)));
    }

    