[sr-dev] some potential utils/http_query() issues

Daniel-Constantin Mierla miconda at gmail.com
Fri Jul 17 10:07:34 CEST 2015


while investigating https://github.com/kamailio/kamailio/issues/212, I
noticed some potential issues in http_query() from utils module. Not
being the developer and not using this function myself that much so far,
I wanted to get others reviewing my remarks.

1) at line 168 in the modules/utils/functions.c, download_size is get
via CURL option and it is used in the following lines as size of
stream.buf, which is allocated with pkg, but set to have the size
stream.curr_size. For me it doesn't look safe to use download_size as
limit to walk through stream.buf

2) same for setting the value of PV, when CRLF is not found
download_size is used

3) in write_function(), it seems that for successive calls of the
function one extra byte is added to the size. It is intended for keeping
ending '\0', but should be enough only once. Could be harmless (few
extra bytes allocated, when not really needed), but is important to know
that actual value is up to stream.pos+1 (to include the '\0'), not to

Are those above valid, or did I miss something?


Daniel-Constantin Mierla
http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda
Book: SIP Routing With Kamailio - http://www.asipto.com

More information about the sr-dev mailing list