[sr-dev] git:4.2:1e4043f5: dialog: Sanity checks

Stefan Mititelu stefan.mititelu at 1and1.ro
Tue Nov 3 15:53:10 CET 2015


Module: kamailio
Branch: 4.2
Commit: 1e4043f5c7af6204117a8780b0afe5c00b26be28
URL: https://github.com/kamailio/kamailio/commit/1e4043f5c7af6204117a8780b0afe5c00b26be28

Author: Stefan Mititelu <stefan.mititelu at 1and1.ro>
Committer: Stefan Mititelu <stefan.mititelu at 1and1.ro>
Date: 2015-11-03T16:51:12+02:00

dialog: Sanity checks

Add NULL checks for the parse_dlg_rr_param().
Segfault when 'did' parameter was empty in the Route header (e.g. 'did=').

(cherry picked from commit 876787d977c46ffcb1288f5eb66e91145cba1061)

---

Modified: modules/dialog/dlg_handlers.c

---

Diff:  https://github.com/kamailio/kamailio/commit/1e4043f5c7af6204117a8780b0afe5c00b26be28.diff
Patch: https://github.com/kamailio/kamailio/commit/1e4043f5c7af6204117a8780b0afe5c00b26be28.patch

---

diff --git a/modules/dialog/dlg_handlers.c b/modules/dialog/dlg_handlers.c
index 7dc8478..d4eab6a 100644
--- a/modules/dialog/dlg_handlers.c
+++ b/modules/dialog/dlg_handlers.c
@@ -996,7 +996,29 @@ static inline int parse_dlg_rr_param(char *p, char *end, int *h_entry, int *h_id
 {
 	char *s;
 
+	/* sanity checks */
+	if (!p) {
+		LM_ERR("NULL start of parameter string");
+		return -1;
+	}
+
+	if (!end) {
+		LM_ERR("NULL end of parameter string");
+		return -1;
+	}
+
+	if (!h_entry) {
+		LM_ERR("NULL h_entry");
+		return -1;
+	}
+
+	if (!h_id) {
+		LM_ERR("NULL h_id");
+		return -1;
+	}
+
 	for ( s=p ; p<end && *p!=DLG_SEPARATOR ; p++ );
+
 	if (*p!=DLG_SEPARATOR) {
 		LM_ERR("malformed rr param '%.*s'\n", (int)(long)(end-s), s);
 		return -1;




More information about the sr-dev mailing list