[sr-dev] git:master:5aedfdf3: ims_auth: fixed crash when receiving a MAA without SIP-Number-Auth-Items or SIP-Auth-Data-Item

Federico Cabiddu federico.cabiddu at gmail.com
Thu Sep 17 19:41:47 CEST 2015 

Module: kamailio
Branch: master
Commit: 5aedfdf30088901fa0692d2f04c45883e87612ce
URL: https://github.com/kamailio/kamailio/commit/5aedfdf30088901fa0692d2f04c45883e87612ce

Author: Federico Cabiddu <federico.cabiddu at gmail.com>
Committer: Federico Cabiddu <federico.cabiddu at gmail.com>
Date: 2015-09-15T10:51:44+02:00

ims_auth: fixed crash when receiving a MAA without SIP-Number-Auth-Items or SIP-Auth-Data-Item

---

Modified: modules/ims_auth/cxdx_mar.c

---

Diff:  https://github.com/kamailio/kamailio/commit/5aedfdf30088901fa0692d2f04c45883e87612ce.diff
Patch: https://github.com/kamailio/kamailio/commit/5aedfdf30088901fa0692d2f04c45883e87612ce.patch

---

diff --git a/modules/ims_auth/cxdx_mar.c b/modules/ims_auth/cxdx_mar.c
index f075821..2c0b0be 100644
--- a/modules/ims_auth/cxdx_mar.c
+++ b/modules/ims_auth/cxdx_mar.c
@@ -157,13 +157,18 @@ void async_cdp_callback(int is_timeout, void *param, AAAMessage *maa, long elaps
     //get each individual element from the MAA
     cxdx_get_result_code(maa, &rc);
     cxdx_get_experimental_result_code(maa, &experimental_rc);
-    cxdx_get_sip_number_auth_items(maa, &sip_number_auth_items);
+
+    if (!cxdx_get_sip_number_auth_items(maa, &sip_number_auth_items)) {
+       sip_number_auth_items = 0;
+       goto success;
+    }
 
     //now assign the auth_data_item elements
     //there can be many of these in the MAA
     struct auth_data_item *adi;
     int adi_len;
     char *p;
+    int items_found = 0;
     while ((cxdx_get_auth_data_item_answer(maa, &auth_data, &item_number,
             &algorithm, &authenticate, &authorization2,
             &ck, &ik,
@@ -256,6 +261,8 @@ void async_cdp_callback(int is_timeout, void *param, AAAMessage *maa, long elaps
             adi->previous = adi_list->last;
             adi_list->last = adi;
         }
+	
+        items_found++;
     }
 
     if (!(rc) && !(experimental_rc)) {
@@ -304,7 +311,7 @@ void async_cdp_callback(int is_timeout, void *param, AAAMessage *maa, long elaps
 
 success:
 
-    if (!sip_number_auth_items) {
+    if (!sip_number_auth_items || !items_found) {
         stateful_request_reply_async(t, t->uas.request, 403, MSG_403_NO_AUTH_DATA);
         result = CSCF_RETURN_FALSE;
         goto done;

More information about the sr-dev mailing list