[sr-dev] git:luismartingil/msrp_crash: msrp: improved parser

Luis Martin Gil martingil.luis at gmail.com
Wed Apr 16 16:58:02 CEST 2014


Module: sip-router
Branch: luismartingil/msrp_crash
Commit: 23ad1fb98941507338edba7136327896033ed18f
URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=23ad1fb98941507338edba7136327896033ed18f

Author: Luis Martin Gil <martingil.luis at gmail.com>
Committer: Luis Martin Gil <martingil.luis at gmail.com>
Date:   Wed Apr 16 14:55:35 2014 +0000

    msrp: improved parser

    - msrp parser patched so Kamailio doesn't crash when receiving
      non-rfc4975 compliant msrp messages

---

 modules/msrp/msrp_parser.c |   31 ++++++++++++++++++++++++++++++-
 1 files changed, 30 insertions(+), 1 deletions(-)

diff --git a/modules/msrp/msrp_parser.c b/modules/msrp/msrp_parser.c
index d7a2ced..8df1a92 100644
--- a/modules/msrp/msrp_parser.c
+++ b/modules/msrp/msrp_parser.c
@@ -81,7 +81,7 @@ int msrp_parse_frame(msrp_frame_t *mf)
 	}
 	if(msrp_parse_headers(mf)<0)
 	{
-		LM_ERR("unable to parse first line\n");
+		LM_ERR("unable to parse headers\n");
 		return -1;
 	}
 	return 0;
@@ -221,6 +221,10 @@ int msrp_parse_headers(msrp_frame_t *mf)
 	msrp_hdr_t *hdr;
 	msrp_hdr_t *last;
 
+	int fpath = 0; /* From path set */
+	int tpath = 0; /* To path set */
+	int any = 0; /* Any header set */
+
 	/* already parsed?!? */
 	if(mf->headers != NULL)
 		return 0;
@@ -291,12 +295,37 @@ int msrp_parse_headers(msrp_frame_t *mf)
 		}
 		msrp_hdr_set_type(hdr);
 	
+		if (hdr->htype == MSRP_HDR_TO_PATH) {
+		  tpath = 1;
+		  if (fpath || any) {
+		    LM_ERR("broken msrp frame message, To-Path must be the first header.\n");
+		    return -1;		    
+		  }
+		} else if (hdr->htype == MSRP_HDR_FROM_PATH) {
+		  fpath = 1;
+		  if (!tpath || any) {
+		    LM_ERR("broken msrp frame message, From-Path must be the second header.\n");
+		    return -1;
+		  }
+		} else {
+		  any = 1;
+		  if (!tpath || !fpath) {
+		    LM_ERR("broken msrp frame message, To-Path and From-Path must be defined before any header.\n");
+		    return -1;
+		  }
+		}
+		
 		LM_DBG("MSRP Header: (%p) [%.*s] [%d] [%.*s]\n",
 				hdr, hdr->name.len, hdr->name.s, hdr->htype,
 				hdr->body.len, hdr->body.s);
 		s = l + 1;
 	}
 
+	if (!tpath || !fpath) {
+	  LM_ERR("broken msrp frame message, To-Path and From-Path must be defined.\n");
+	  return -1;
+	}
+
 ateoh:
 	if(mf->mbody.s!=NULL)
 	{




More information about the sr-dev mailing list