git:master: modules_k/rls: Memory leak in parse_subs_state() in resource_notify.c - sr-dev

26 Jan 2012

Module: sip-router
Branch: master
Commit: 569c0b7adf93773677dd1cc98957c74d40752982
URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=569c0b7a...
Author: pd peter.dunkley@crocodile-rcs.com
Committer: pd peter.dunkley@crocodile-rcs.com
Date:   Thu Jan 26 13:59:06 2012 +0000
modules_k/rls: Memory leak in parse_subs_state() in resource_notify.c
- Also the function didn't appear to be doing quite the right thing.
- Found by Paul Pankhurst @ Crocodile RCS and fixed by Peter Dunkley @ Crocodile RCS
---
modules_k/rls/resource_notify.c |   68 ++++++++++++++++++--------------------
 1 files changed, 32 insertions(+), 36 deletions(-)

diff --git a/modules_k/rls/resource_notify.c b/modules_k/rls/resource_notify.c
index b79e83b..ddee0a3 100644
--- a/modules_k/rls/resource_notify.c
+++ b/modules_k/rls/resource_notify.c
@@ -423,46 +423,39 @@ done:
 }
-int parse_subs_state(str auth_state, str** reason, int* expires)
+int parse_subs_state(str auth_state, str *reason, int *expires)
 {
    str str_exp;
-	str* res= NULL;
    char* smc= NULL;
    int len, flag= -1;
-
-	if( strncmp(auth_state.s, "active", 6)== 0)
+	if (strncmp(auth_state.s, "active", 6)== 0)
    	flag= ACTIVE_STATE;
-	if( strncmp(auth_state.s, "pending", 7)== 0)
+	if (strncmp(auth_state.s, "pending", 7)== 0)
    	flag= PENDING_STATE;
-	if( strncmp(auth_state.s, "terminated", 10)== 0)
+	if (strncmp(auth_state.s, "terminated", 10)== 0)
    {
    	smc= strchr(auth_state.s, ';');
-		if(smc== NULL)
+		if (smc== NULL)
    	{
    		LM_ERR("terminated state and no reason found");
    		return -1;
    	}
-		if(strncmp(smc+1, "reason=", 7))
+		if (strncmp(smc+1, "reason=", 7))
    	{
    		LM_ERR("terminated state and no reason found");
    		return -1;
-        }
-		res= (str*)pkg_malloc(sizeof(str));
-		if(res== NULL)
-        {
-			ERR_MEM(PKG_MEM_STR);
-		}
+        	}
    	len=  auth_state.len- 10- 1- 7;
-		res->s= (char*)pkg_malloc(len* sizeof(char));
-		if(res->s== NULL)
+		reason->s = (char*) pkg_malloc(len* sizeof(char));
+		if (reason->s== NULL)
    	{
    		ERR_MEM(PKG_MEM_STR);
    	}
-		memcpy(res->s, smc+ 8, len);
-		res->len= len;
+		memcpy(reason->s, smc+ 8, len);
+		reason->len= len;
    	return TERMINATED_STATE;
    }
    
@@ -473,7 +466,7 @@ int parse_subs_state(str auth_state, str** reason, int* expires)
    	{
    		LM_ERR("active or pending state and no expires parameter found");
    		return -1;
-        }	
+		}	
    	if(strncmp(smc+1, "expires=", 8))
    	{
    		LM_ERR("active or pending state and no expires parameter found");
@@ -483,22 +476,16 @@ int parse_subs_state(str auth_state, str** reason, int* expires)
    	str_exp.len= auth_state.s+ auth_state.len- smc- 9;
if( str2int(&str_exp, (unsigned int*)expires)< 0)
-        {
+		{
    		LM_ERR("while getting int from str\n");
    		return -1;
-        }
+		}
    	return flag;
    
    }
-	return -1;
error:
-	if(res)
-	{
-		if(res->s)
-			pkg_free(res->s);
-		pkg_free(res);
-	}
+	if (reason->s) pkg_free(reason->s);
    return -1;
 }
@@ -514,7 +501,7 @@ int rls_handle_notify(struct sip_msg* msg, char* c1, char* c2)
    int n_query_cols= 0;
    str auth_state= {0, 0};
    int found= 0;
-	str* reason= NULL;
+	str reason = {0, 0};
    int auth_flag;
    struct hdr_field* hdr= NULL;
    int n, expires= -1;
@@ -556,7 +543,7 @@ int rls_handle_notify(struct sip_msg* msg, char* c1, char* c2)
    }
    memset(&dialog, 0, sizeof(ua_pres_t));
    dialog.watcher_uri= &pto->uri;
-    if (pto->tag_value.s==NULL || pto->tag_value.len==0 )
+	if (pto->tag_value.s==NULL || pto->tag_value.len==0 )
    {
    	LM_ERR("to tag value not parsed\n");
    	goto error;
@@ -641,7 +628,7 @@ int rls_handle_notify(struct sip_msg* msg, char* c1, char* c2)
    	 */
    	if(auth_flag==TERMINATED_STATE)
    		goto done;
-        LM_ERR("no presence dialog record for non-TERMINATED state uri pres_uri = %.*s watcher_uri = %.*s\n",
+		LM_ERR("no presence dialog record for non-TERMINATED state uri pres_uri = %.*s watcher_uri = %.*s\n",
                 dialog.pres_uri->len, dialog.pres_uri->s, dialog.watcher_uri->len, dialog.watcher_uri->s);
    	goto error;
    }
@@ -655,9 +642,9 @@ int rls_handle_notify(struct sip_msg* msg, char* c1, char* c2)
    				
    /*constructing the xml body*/
    if(get_content_length(msg) == 0 )
-    {	
-        goto done;
-    }	
+	{	
+		goto done;
+	}	
    else
    {
    	if(content_type.s== 0)
@@ -705,8 +692,11 @@ int rls_handle_notify(struct sip_msg* msg, char* c1, char* c2)
    query_cols[n_query_cols]= &str_reason_col;
    query_vals[n_query_cols].type = DB1_STR;
    query_vals[n_query_cols].nul = 0;
-	if(reason)
-		query_vals[n_query_cols].val.str_val= *reason;
+	if(reason.len > 0)
+	{
+		query_vals[n_query_cols].val.str_val.s= reason.s;
+		query_vals[n_query_cols].val.str_val.len= reason.len;
+	}	
    else
    {
    	query_vals[n_query_cols].val.str_val.s = "";
@@ -787,6 +777,9 @@ done:
    	pkg_free(res_id->s);
    	pkg_free(res_id);
    }
+
+	if (reason.s) pkg_free(reason.s);
+
    free_to_params(&TO);
    return 1;
@@ -796,6 +789,9 @@ error:
    	pkg_free(res_id->s);
    	pkg_free(res_id);
    }
+
+	if (reason.s) pkg_free(reason.s);
+
    free_to_params(&TO);
    return -1;
 }

    