Module: sip-router
Branch: master
Commit: 787fabb1e0085355aa1eeb77d5f17e7940f4ed3c
URL:
http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=787fabb…
Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
Committer: Daniel-Constantin Mierla <miconda(a)gmail.com>
Date: Fri Feb 12 11:12:37 2010 +0100
dialog(k): init local parameter
- memset tm callback param to 0
- safety checks for MI cmd dlg match
- credits to Inaki Baz Castillo and Torben Friese
---
modules_k/dialog/dlg_handlers.c | 34 ++++++++++++++++++++--------------
modules_k/dialog/dlg_hash.h | 2 ++
2 files changed, 22 insertions(+), 14 deletions(-)
diff --git a/modules_k/dialog/dlg_handlers.c b/modules_k/dialog/dlg_handlers.c
index 450cc12..1091777 100644
--- a/modules_k/dialog/dlg_handlers.c
+++ b/modules_k/dialog/dlg_handlers.c
@@ -331,24 +331,29 @@ static void dlg_onreply(struct cell* t, int type, struct tmcb_params
*param)
old_state!=DLG_STATE_CONFIRMED_NA && old_state!=DLG_STATE_CONFIRMED ) {
LM_DBG("dialog %p confirmed\n",dlg);
- /* get to tag*/
- if ( !rpl->to && ((parse_headers(rpl, HDR_TO_F,0)<0) || !rpl->to) ) {
- LM_ERR("bad reply or missing TO hdr :-/\n");
- tag.s = 0;
- tag.len = 0;
- } else {
- tag = get_to(rpl)->tag_value;
- if (tag.s==0 || tag.len==0) {
- LM_ERR("missing TAG param in TO hdr :-/\n");
+ if (rpl != FAKED_REPLY) {
+ /* get to tag*/
+ if ( !rpl->to && ((parse_headers(rpl, HDR_TO_F,0)<0)
+ || !rpl->to) ) {
+ LM_ERR("bad reply or missing TO hdr :-/\n");
tag.s = 0;
tag.len = 0;
+ } else {
+ tag = get_to(rpl)->tag_value;
+ if (tag.s==0 || tag.len==0) {
+ LM_ERR("missing TAG param in TO hdr :-/\n");
+ tag.s = 0;
+ tag.len = 0;
+ }
}
- }
- /* save callee's tag, cseq, contact and record route*/
- if (populate_leg_info( dlg, rpl, t, DLG_CALLEE_LEG, &tag) !=0) {
- LM_ERR("could not add further info to the dialog\n");
- }
+ /* save callee's tag, cseq, contact and record route*/
+ if (populate_leg_info( dlg, rpl, t, DLG_CALLEE_LEG, &tag) !=0) {
+ LM_ERR("could not add further info to the dialog\n");
+ }
+ } else {
+ LM_ERR("Faked reply!\n");
+ }
/* set start time */
dlg->start_ts = (unsigned int)(time(0));
@@ -500,6 +505,7 @@ static void unref_new_dialog(void *dialog)
{
struct tmcb_params p;
+ memset(&p, 0, sizeof(struct tmcb_params));
p.param = (void*)&dialog;
dlg_onreply(0, TMCB_DESTROY, &p);
}
diff --git a/modules_k/dialog/dlg_hash.h b/modules_k/dialog/dlg_hash.h
index bd1de87..889a318 100644
--- a/modules_k/dialog/dlg_hash.h
+++ b/modules_k/dialog/dlg_hash.h
@@ -426,6 +426,8 @@ static inline int match_dialog(struct dlg_cell *dlg, str *callid,
*/
static inline int match_downstream_dialog(struct dlg_cell *dlg, str *callid, str *ftag)
{
+ if(dlg==NULL || callid==NULL || ftag==NULL)
+ return 0;
if (dlg->callid.len!=callid->len ||
dlg->tag[DLG_CALLER_LEG].len!=ftag->len ||
strncmp(dlg->callid.s,callid->s,callid->len)!=0 ||