[sr-dev] git:master: modules_k/uac: fix from/to restore for small original URI

Timo Teras timo.teras at iki.fi
Thu Apr 14 12:25:40 CEST 2011


Module: sip-router
Branch: master
Commit: e1d1c774c9ac0b4d9103f4a1c5e9b550adbb2f38
URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=e1d1c774c9ac0b4d9103f4a1c5e9b550adbb2f38

Author: Timo Teräs <timo.teras at iki.fi>
Committer: Timo Teräs <timo.teras at iki.fi>
Date:   Wed Apr  6 09:33:10 2011 +0300

modules_k/uac: fix from/to restore for small original URI

Seems that the URI length check is superfluous and fails under
certain conditions. It does not make sense for the URI to have
zero bytes, so just use the first seen zero byte as end marker.

I have a reproducible test case where the restore inserts URI
with multiple zero-bytes to wire. This happens if the original
URI is smaller than the one we rewrote it to using uac_replace_from.

---

 modules_k/uac/from.c |   14 ++++++++------
 1 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/modules_k/uac/from.c b/modules_k/uac/from.c
index 4657e11..50822b6 100644
--- a/modules_k/uac/from.c
+++ b/modules_k/uac/from.c
@@ -463,15 +463,17 @@ int restore_from( struct sip_msg *msg, int *is_from )
 		LM_ERR("new URI shorter than old URI\n");
 		goto failed;
 	}
-	for( i=0 ; i<old_uri.len ; i++ )
+	for( i=0 ; i<old_uri.len ; i++ ) {
 		new_uri.s[i] ^= old_uri.s[i];
-	if (new_uri.len==old_uri.len) {
-		for( ; new_uri.len && (new_uri.s[new_uri.len-1]==0) ; new_uri.len-- );
-		if (new_uri.len==0) {
-			LM_ERR("new URI got 0 len\n");
-			goto failed;
+		if (new_uri.s[i] == 0) {
+			new_uri.len = i;
+			break;
 		}
 	}
+	if (new_uri.len==0) {
+		LM_ERR("new URI got 0 len\n");
+		goto failed;
+	}
 
 	LM_DBG("decoded uris are: new=[%.*s] old=[%.*s]\n",
 		new_uri.len, new_uri.s, old_uri.len, old_uri.s);




More information about the sr-dev mailing list