[sr-dev] git:master: core: Added null pointer check to parser/msg_parser.c: get_hdr_field().

Alex Balashov abalashov at evaristesys.com
Sun Aug 5 14:40:27 CEST 2012


Module: sip-router
Branch: master
Commit: 9fc34aad6328a92b7572ae077d9ff4d2699dbb48
URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=9fc34aad6328a92b7572ae077d9ff4d2699dbb48

Author: Alex Balashov <abalashov at evaristesys.com>
Committer: Alex Balashov <abalashov at evaristesys.com>
Date:   Sun Aug  5 08:22:12 2012 -0400

core: Added null pointer check to parser/msg_parser.c:get_hdr_field().

Encountered crash bug in which 'buf' pointer passed to get_hdr_field()
was null.  There is no null check, so attempts to dereference it lead to
a crash:

Core was generated by `/usr/local/sbin/kamailio -P /var/run/kamailio.pid -m 1024 -u root -g root -f /r'.
Program terminated with signal 11, Segmentation fault.
    at parser/msg_parser.c:102
102		if ((*buf)=='\n' || (*buf)=='\r'){

Fixed by adding a check for buf == NULL to top of function.

---

 parser/msg_parser.c |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/parser/msg_parser.c b/parser/msg_parser.c
index 803ee07..b279e47 100644
--- a/parser/msg_parser.c
+++ b/parser/msg_parser.c
@@ -96,6 +96,11 @@ char* get_hdr_field(char* const buf, char* const end, struct hdr_field* const hd
 	int integer, err;
 	unsigned uval;
 
+	if(!buf) {
+		DBG("null buffer pointer\n");
+		goto error;
+	}
+
 	if ((*buf)=='\n' || (*buf)=='\r'){
 		/* double crlf or lflf or crcr */
 		DBG("found end of header\n");
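Review bot: the new `if(!buf)` branch reports the condition with DBG() only, so on a deployment that does not log at debug level the null pointer is turned into a silent parse error and the caller that passed it stays unidentified. A null `buf` here is a caller bug rather than a normal end-of-input case, so log it at error level. The commit message should also name the call path that produced the null pointer, so it can be fixed at its source. The check also covers only `buf`: `end` is not tested, and the `(*buf)=='\n'` read that follows still dereferences `buf` without confirming `buf < end`. Consider rejecting `!end` or `buf >= end` in the same guard. Finally, please confirm that jumping to `error` before any parsing has happened leaves `hdr` in the state callers expect on failure, since the label's cleanup is not visible in this hunk.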



