[sr-dev] [kamailio] parser: Fix read buffer overflow in parse_hname2 (#308)

Daniel-Constantin Mierla notifications at github.com
Wed Sep 2 12:38:03 CEST 2015


Analyzed the code and the match was happening anyhow because the case for matching the last part of "Reason:" has IF conditions that cover the last three bytes, instead of the full 4-byte value - inside parser/case_reas.h:

```
	if ((LOWER_DWORD(val)&0x00ffffff) ==\
				(_on1_&0x00ffffff)){	\
			hdr->type = HDR_REASON_T;	\
			hdr->name.len = 6;			\
			return (p+3);				\
	}
```

I am going to merge manually, to adjust the commit message. Also, I will push some other patches to make the use of parse_hname2() safer for fixups and parsing when only the header name is in the input buffer.

Given that header name parsing has become a current topic again, I may revive my plans to rework it with a better approach.

---
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/308#issuecomment-137021784
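
An added example, not Kamailio code and not part of the original message: the three-byte masked compare from the snippet above, next to a bounds-checked load that stays inside the buffer when the input ends right after the colon. The names `ON3`, `masked_match`, `load_le32_bounded` and `tail_is_on_colon` are hypothetical, and the little-endian packing and the 0x20 case fold are assumptions about how `val` and `LOWER_DWORD` are built.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed for this example: "on:" packed little-endian, top byte unused. */
#define ON3   ((uint32_t)'o' | (uint32_t)'n' << 8 | (uint32_t)':' << 16)
#define MASK3 0x00ffffffu

/* Case folding by OR-ing 0x20 into every byte (assumed LOWER_DWORD behaviour). */
static uint32_t lower_dword(uint32_t v) { return v | 0x20202020u; }

/* The comparison from the message: only the low three bytes take part. */
static int masked_match(uint32_t val) {
    return (lower_dword(val) & MASK3) == (ON3 & MASK3);
}

/* Little-endian load of at most 4 bytes that never reads at or past `end`;
 * bytes that are not available are left as zero. */
static uint32_t load_le32_bounded(const char *p, const char *end) {
    uint32_t v = 0;
    size_t n = (p < end) ? (size_t)(end - p) : 0;
    if (n > 4) n = 4;
    for (size_t i = 0; i < n; i++)
        v |= (uint32_t)(unsigned char)p[i] << (8 * i);
    return v;
}

/* Bounds-checked form: requires 3 readable bytes and never touches a 4th
 * byte that lies outside the buffer. */
static int tail_is_on_colon(const char *p, const char *end) {
    if (p >= end || (size_t)(end - p) < 3) return 0;
    return masked_match(load_le32_bounded(p, end));
}

/* Counts the 4th-byte values (0..255) for which the masked compare matches. */
static int fourth_byte_values_matching(void) {
    int hits = 0;
    for (uint32_t b = 0; b < 256; b++)
        hits += masked_match(ON3 | b << 24);
    return hits;
}

int main(void) {
    /* Constructed input: header name only, no terminator, 7 bytes. */
    const char name[] = {'R','e','a','s','O','N',':'};
    const char *end = name + sizeof name;
    printf("4th-byte values that still match: %d\n", fourth_byte_values_matching());
    printf("\"ON:\" at end of buffer: %d\n", tail_is_on_colon(name + 4, end));
    printf("truncated \"ON\": %d\n", tail_is_on_colon(name + 4, end - 1));
    return 0;
}
```

Because the fourth byte never affects the result, an unconditional 4-byte read at that position gains nothing and only risks touching one byte past a 7-byte "Reason:" buffer.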