[sr-dev] git:4.4:39874e41: dialplan: safe checks for match expression

Daniel-Constantin Mierla miconda at gmail.com
Tue Dec 20 08:37:19 CET 2016 

Module: kamailio
Branch: 4.4
Commit: 39874e415c754263e6c847bb19d89c5ef615e376
URL: https://github.com/kamailio/kamailio/commit/39874e415c754263e6c847bb19d89c5ef615e376

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2016-12-20T08:36:20+01:00

dialplan: safe checks for match expression

- test if null to avoid invalid use in comparison functions
- reported by Julia Boudniatsky
(backport of commit 3a48835cf68f583ff2fbd7cec9bd76ddc0a1b6fc)

---

Modified: modules/dialplan/dp_repl.c

---

Diff:  https://github.com/kamailio/kamailio/commit/39874e415c754263e6c847bb19d89c5ef615e376.diff
Patch: https://github.com/kamailio/kamailio/commit/39874e415c754263e6c847bb19d89c5ef615e376.patch

---

diff --git a/modules/dialplan/dp_repl.c b/modules/dialplan/dp_repl.c
index 959c4bc..03727fd 100644
--- a/modules/dialplan/dp_repl.c
+++ b/modules/dialplan/dp_repl.c
@@ -583,7 +583,7 @@ int translate(sip_msg_t *msg, str input, str *output, dpl_id_p idp,
 	dpl_dyn_pcre_p rt = NULL;
 
 	if(!input.s || !input.len) {
-		LM_ERR("invalid input string\n");
+		LM_WARN("invalid or empty input string to be matched\n");
 		return -1;
 	}
 
@@ -635,7 +635,8 @@ int translate(sip_msg_t *msg, str input, str *output, dpl_id_p idp,
 
 			case DP_EQUAL_OP:
 				LM_DBG("equal operator testing\n");
-				if(rulep->match_exp.len != input.len) {
+				if(rulep->match_exp.s==NULL
+						|| rulep->match_exp.len != input.len) {
 					rez = -1;
 				} else {
 					rez = strncmp(rulep->match_exp.s,input.s,input.len);
@@ -645,11 +646,15 @@ int translate(sip_msg_t *msg, str input, str *output, dpl_id_p idp,
 
 			case DP_FNMATCH_OP:
 				LM_DBG("fnmatch operator testing\n");
-				b = input.s[input.len];
-				input.s[input.len] = '\0';
-				rez = fnmatch(rulep->match_exp.s, input.s, 0);
-				input.s[input.len] = b;
-				rez = (rez==0)?0:-1;
+				if(rulep->match_exp.s!=NULL) {
+					b = input.s[input.len];
+					input.s[input.len] = '\0';
+					rez = fnmatch(rulep->match_exp.s, input.s, 0);
+					input.s[input.len] = b;
+					rez = (rez==0)?0:-1;
+				} else {
+					rez = -1;
+				}
 				break;
 
 			default:

More information about the sr-dev mailing list