[sr-dev] git:master:59389b28: rtjson: safety check for branch index stored interanlly in xavp

Daniel-Constantin Mierla miconda at gmail.com
Tue Jun 23 16:53:47 CEST 2015


Module: kamailio
Branch: master
Commit: 59389b288fd50369226681b309c0895de03d7b77
URL: https://github.com/kamailio/kamailio/commit/59389b288fd50369226681b309c0895de03d7b77

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2015-06-23T16:45:17+02:00

rtjson: safety check for branch index stored interanlly in xavp

---

Modified: modules/rtjson/rtjson_routing.c

---

Diff:  https://github.com/kamailio/kamailio/commit/59389b288fd50369226681b309c0895de03d7b77.diff
Patch: https://github.com/kamailio/kamailio/commit/59389b288fd50369226681b309c0895de03d7b77.patch

---

diff --git a/modules/rtjson/rtjson_routing.c b/modules/rtjson/rtjson_routing.c
index c9ee5c3..bb59da5 100644
--- a/modules/rtjson/rtjson_routing.c
+++ b/modules/rtjson/rtjson_routing.c
@@ -677,6 +677,10 @@ int rtjson_update_branch(sip_msg_t *msg)
 		LM_WARN("no idx for routing\n");
 		return -1;
 	}
+	if(iavp->val.v.i<=0) {
+		LM_WARN("invalid branch idx for routing\n");
+		return -1;
+	}
 
 	srjson_InitDoc(&tdoc, NULL);
 
@@ -708,7 +712,8 @@ int rtjson_update_branch(sip_msg_t *msg)
 	nj = tj->child;
 
 	i = 0;
-	while(nj && i<iavp->val.v.i) {
+	/* stop at number of branches - 1 */
+	while(nj && i<iavp->val.v.i-1) {
 		nj = nj->next;
 		i++;
 	}




More information about the sr-dev mailing list