On Tue, Apr 30, 2013 at 02:42:22PM +0200, Andreas Granig wrote:
Hi,
We've seen this behaviour as well and worked around it using avp_subst with regex, as we didn't have the time yet to investigate further.
I was also able to work around it with:
$var(tmp) = $(var(x){s.substr,1,0}); $var(x) = $(var(tmp));
But basically I can confirm this issue.
It seems that at least the s.substr, s.select, s.strip, s.striptail, line.at and line.sw transformations are vulnerable to this issue since they reuse the input buffer. I think that the URI-parsing transformations are also vulnerable since they also reuse the existing input as far as I can see.
I can probably write a patch to change the 6 string transformations to use _tr_buffer, but I don't know if that is the best solution. It may be better to fix the variable assignment functions to make a copy of the rvalue if it overlaps the lvalue before the assignment. Maybe someone who is more knowledgeable about the Kamailio source code can take a look at this.
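
The second option in the message above (copy the rvalue when it overlaps the lvalue, then assign) is sketched below as an added example. It is not part of the original message and is not Kamailio source code: the types str_t and var_t, the functions tr_substr, overlaps, var_assign and demo_self_assign, and the 64-byte buffer are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical types, not Kamailio's: a counted string view and a
 * script variable that owns a fixed-size buffer. */
typedef struct { char *s; size_t len; } str_t;
typedef struct { char buf[64]; size_t len; } var_t;

/* substr-style transformation that returns a view into the input buffer
 * instead of a copy; n == 0 means "to the end of the string". */
static str_t tr_substr(var_t *in, size_t off, size_t n) {
    str_t out = { NULL, 0 };
    if (off > in->len) return out;
    if (n == 0 || n > in->len - off) n = in->len - off;
    out.s = in->buf + off;
    out.len = n;
    return out;
}

/* Returns 1 if the rvalue bytes lie inside the lvalue's own storage. */
static int overlaps(const var_t *dst, str_t rv) {
    uintptr_t d = (uintptr_t)dst->buf, r = (uintptr_t)rv.s;
    return rv.len > 0 && r < d + sizeof dst->buf && d < r + rv.len;
}

/* Assignment that takes a private copy of an overlapping rvalue before
 * touching the destination. Returns 0 on success, -1 if it does not fit. */
static int var_assign(var_t *dst, str_t rv) {
    char tmp[sizeof dst->buf];
    if (rv.len > sizeof dst->buf) return -1;
    if (overlaps(dst, rv)) {
        memcpy(tmp, rv.s, rv.len);   /* tmp is distinct storage */
        rv.s = tmp;
    }
    if (rv.len > 0) memcpy(dst->buf, rv.s, rv.len);
    dst->len = rv.len;
    return 0;
}

/* Constructed case: $var(x) = $(var(x){s.substr,1,0}) with x = "hello".
 * Returns 1 if the overlap was detected and x ends up as "ello". */
int demo_self_assign(void) {
    var_t x = { "hello", 5 };
    str_t rv = tr_substr(&x, 1, 0);
    int hit = overlaps(&x, rv);
    return var_assign(&x, rv) == 0 && hit && x.len == 4
        && memcmp(x.buf, "ello", 4) == 0;
}

int main(void) { return demo_self_assign() ? 0 : 1; }
```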