[sr-dev] [kamailio/kamailio] textops: get_body_part doesn't detect multipart headers ending properly (#564)

foucse notifications at github.com
Sun Apr 24 01:11:03 CEST 2016 

I finally had some time to look into the source code, the issue comes from the file textops/textops.c:2071

```C
	while (find_line_start("Content-Type: ", 14, &start, &len))
	{
		end = start + 14;
		len = len - 14;
		if (len > (content_type.len + 2)) {
			if (strncasecmp(end, content_type.s, content_type.len)== 0)
			{
				LM_DBG("found content type %.*s\n",
					content_type.len, content_type.s);
				end = end + content_type.len;
				if ((*end != 13) || (*(end + 1) != 10))
				{
					LM_ERR("no CRLF found after content type\n");
					goto err;
				}
				end = end + 2;
				len = len - content_type.len - 2;
				body_headers_end = end;
				if (find_line_start(boundary.s, boundary.len, &end,
					&len))
				{
```

Thanks to the pull "textops: Fix get_body_part() end of body headers #423" by smititelu, textops is now able to find the end of multipart headers in the simple case of just a "Content-type" header. But it is not able to handle more complex cases like this one for instance (from RFC 5621 https://tools.ietf.org/html/rfc5621#section-3.1):

```
      INVITE sip:conf-fact at example.com SIP/2.0
      Content-Type: multipart/mixed;boundary="boundary1"
      Content-Length: 619

      --boundary1
      Content-Type: application/sdp

      v=0
      o=alice 2890844526 2890842807 IN IP4 atlanta.example.com
      s=-
      c=IN IP4 192.0.2.1
      t=0 0
      m=audio 20000 RTP/AVP 0
      a=rtpmap:0 PCMU/8000
      m=video 20002 RTP/AVP 31
      a=rtpmap:31 H261/90000

      --boundary1
      Content-Type: application/resource-lists+xml
      Content-Disposition: recipient-list

      <?xml version="1.0" encoding="UTF-8"?>
      <resource-lists xmlns="urn:ietf:params:xml:ns:resource-lists">
        <list>
          <entry uri="sip:bill at example.com"/>
          <entry uri="sip:randy at example.net"/>
          <entry uri="sip:joe at example.org"/>
        </list>
      </resource-lists>
      --boundary1--

                   Figure 2: SIP message carrying a body
```

Here "Content-Disposition: recipient-list" would be taken into the second body because the variable body_headers_end would be set just after the content type header by find_line_start("Content-Type: ", 14, &start, &len).

I think that maybe something like:
```C
body_headers_end = find_line_start("\r\n", 14, &start, &len);
```
Instead of:
```C
body_headers_end = end;
```
Might help. Because a \r\n should always separate headers from the body as it is specified for instance in RFC 3261 (https://tools.ietf.org/html/rfc3261#section-7) for SIP headers:

```
         generic-message  =  start-line
                             *message-header
                             CRLF
                             [ message-body ]
         start-line       =  Request-Line / Status-Line
```

I will test this solution as soon I will have more spare time.

---
You are receiving this because you commented.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/564#issuecomment-213852048
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-dev/attachments/20160423/9526a698/attachment.html>

More information about the sr-dev mailing list