[sr-dev] git:3.2: modules_k/rls: Memory leak in parse_subs_state() in resource_notify.c
Peter Dunkley
peter.dunkley at crocodile-rcs.com
Thu Jan 26 15:08:57 CET 2012
Module: sip-router
Branch: 3.2
Commit: 14520f905e4354cc4b159745142fedb25b062ec5
URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=14520f905e4354cc4b159745142fedb25b062ec5
Author: pd <peter.dunkley at crocodile-rcs.com>
Committer: pd <peter.dunkley at crocodile-rcs.com>
Date: Thu Jan 26 13:59:06 2012 +0000
modules_k/rls: Memory leak in parse_subs_state() in resource_notify.c
- Also the function didn't appear to be doing quite the right thing.
- Found by Paul Pankhurst @ Crocodile RCS and fixed by Peter Dunkley @ Crocodile RCS
---
modules_k/rls/resource_notify.c | 77 +++++++++++++++++++--------------------
1 files changed, 38 insertions(+), 39 deletions(-)
diff --git a/modules_k/rls/resource_notify.c b/modules_k/rls/resource_notify.c
index f0b7ea1..762be0c 100644
--- a/modules_k/rls/resource_notify.c
+++ b/modules_k/rls/resource_notify.c
@@ -401,46 +401,39 @@ done:
}
-int parse_subs_state(str auth_state, str** reason, int* expires)
+int parse_subs_state(str auth_state, str *reason, int *expires)
{
str str_exp;
- str* res= NULL;
char* smc= NULL;
int len, flag= -1;
-
- if( strncmp(auth_state.s, "active", 6)== 0)
+ if (strncmp(auth_state.s, "active", 6)== 0)
flag= ACTIVE_STATE;
- if( strncmp(auth_state.s, "pending", 7)== 0)
+ if (strncmp(auth_state.s, "pending", 7)== 0)
flag= PENDING_STATE;
- if( strncmp(auth_state.s, "terminated", 10)== 0)
+ if (strncmp(auth_state.s, "terminated", 10)== 0)
{
smc= strchr(auth_state.s, ';');
- if(smc== NULL)
+ if (smc== NULL)
{
LM_ERR("terminated state and no reason found");
return -1;
}
- if(strncmp(smc+1, "reason=", 7))
+ if (strncmp(smc+1, "reason=", 7))
{
LM_ERR("terminated state and no reason found");
return -1;
- }
- res= (str*)pkg_malloc(sizeof(str));
- if(res== NULL)
- {
- ERR_MEM(PKG_MEM_STR);
- }
+ }
len= auth_state.len- 10- 1- 7;
- res->s= (char*)pkg_malloc(len* sizeof(char));
- if(res->s== NULL)
+ reason->s = (char*) pkg_malloc(len* sizeof(char));
+ if (reason->s== NULL)
{
ERR_MEM(PKG_MEM_STR);
}
- memcpy(res->s, smc+ 8, len);
- res->len= len;
+ memcpy(reason->s, smc+ 8, len);
+ reason->len= len;
return TERMINATED_STATE;
}
@@ -451,7 +444,7 @@ int parse_subs_state(str auth_state, str** reason, int* expires)
{
LM_ERR("active or pending state and no expires parameter found");
return -1;
- }
+ }
if(strncmp(smc+1, "expires=", 8))
{
LM_ERR("active or pending state and no expires parameter found");
@@ -461,22 +454,16 @@ int parse_subs_state(str auth_state, str** reason, int* expires)
str_exp.len= auth_state.s+ auth_state.len- smc- 9;
if( str2int(&str_exp, (unsigned int*)expires)< 0)
- {
+ {
LM_ERR("while getting int from str\n");
return -1;
- }
+ }
return flag;
}
- return -1;
error:
- if(res)
- {
- if(res->s)
- pkg_free(res->s);
- pkg_free(res);
- }
+ if (reason->s) pkg_free(reason->s);
return -1;
}
@@ -492,7 +479,7 @@ int rls_handle_notify(struct sip_msg* msg, char* c1, char* c2)
int n_query_cols= 0;
str auth_state= {0, 0};
int found= 0;
- str* reason= NULL;
+ str reason = {0, 0};
int auth_flag;
struct hdr_field* hdr= NULL;
int n, expires= -1;
@@ -534,7 +521,7 @@ int rls_handle_notify(struct sip_msg* msg, char* c1, char* c2)
}
memset(&dialog, 0, sizeof(ua_pres_t));
dialog.watcher_uri= &pto->uri;
- if (pto->tag_value.s==NULL || pto->tag_value.len==0 )
+ if (pto->tag_value.s==NULL || pto->tag_value.len==0 )
{
LM_ERR("to tag value not parsed\n");
goto error;
@@ -619,7 +606,7 @@ int rls_handle_notify(struct sip_msg* msg, char* c1, char* c2)
*/
if(auth_flag==TERMINATED_STATE)
goto done;
- LM_ERR("no presence dialog record for non-TERMINATED state uri pres_uri = %.*s watcher_uri = %.*s\n",
+ LM_ERR("no presence dialog record for non-TERMINATED state uri pres_uri = %.*s watcher_uri = %.*s\n",
dialog.pres_uri->len, dialog.pres_uri->s, dialog.watcher_uri->len, dialog.watcher_uri->s);
goto error;
}
@@ -633,9 +620,9 @@ int rls_handle_notify(struct sip_msg* msg, char* c1, char* c2)
/*constructing the xml body*/
if(get_content_length(msg) == 0 )
- {
- goto done;
- }
+ {
+ goto done;
+ }
else
{
if(content_type.s== 0)
@@ -680,12 +667,18 @@ int rls_handle_notify(struct sip_msg* msg, char* c1, char* c2)
query_vals[n_query_cols].val.int_val= auth_flag;
n_query_cols++;
- if(reason)
+ query_cols[n_query_cols]= &str_reason_col;
+ query_vals[n_query_cols].type = DB1_STR;
+ query_vals[n_query_cols].nul = 0;
+ if(reason.len > 0)
+ {
+ query_vals[n_query_cols].val.str_val.s= reason.s;
+ query_vals[n_query_cols].val.str_val.len= reason.len;
+ }
+ else
{
- query_cols[n_query_cols]= &str_reason_col;
- query_vals[n_query_cols].type = DB1_STR;
- query_vals[n_query_cols].nul = 0;
- query_vals[n_query_cols].val.str_val= *reason;
+ query_vals[n_query_cols].val.str_val.s = "";
+ query_vals[n_query_cols].val.str_val.len = 0;
n_query_cols++;
}
query_cols[n_query_cols]= &str_content_type_col;
@@ -761,6 +754,9 @@ done:
pkg_free(res_id->s);
pkg_free(res_id);
}
+
+ if (reason.s) pkg_free(reason.s);
+
free_to_params(&TO);
return 1;
@@ -770,6 +766,9 @@ error:
pkg_free(res_id->s);
pkg_free(res_id);
}
+
+ if (reason.s) pkg_free(reason.s);
+
free_to_params(&TO);
return -1;
}
More information about the sr-dev
mailing list