[sr-dev] git:master:d7e42cee: modules/ims_registrar_scscf: fixed segfault on multiple impu when building notify
jaybeepee
jason.penton at gmail.com
Fri Feb 12 19:48:24 CET 2016
Module: kamailio
Branch: master
Commit: d7e42ceef76e66b06d97159e71043fd552a29e8c
URL: https://github.com/kamailio/kamailio/commit/d7e42ceef76e66b06d97159e71043fd552a29e8c
Author: jaybeepee <jason.penton at gmail.com>
Committer: jaybeepee <jason.penton at gmail.com>
Date: 2016-02-12T20:48:14+02:00
modules/ims_registrar_scscf: fixed segfault on multiple impu when building notify
- also reported and fixed by Dragos Oancea
---
Modified: modules/ims_registrar_scscf/registrar_notify.c
---
Diff: https://github.com/kamailio/kamailio/commit/d7e42ceef76e66b06d97159e71043fd552a29e8c.diff
Patch: https://github.com/kamailio/kamailio/commit/d7e42ceef76e66b06d97159e71043fd552a29e8c.patch
---
diff --git a/modules/ims_registrar_scscf/registrar_notify.c b/modules/ims_registrar_scscf/registrar_notify.c
index df1f0b1..70eb978 100644
--- a/modules/ims_registrar_scscf/registrar_notify.c
+++ b/modules/ims_registrar_scscf/registrar_notify.c
@@ -2006,9 +2006,9 @@ reg_notification * new_notification(str subscription_state,
char *p;
len = sizeof (reg_notification) + r->call_id.len + r->from_tag.len + r->to_tag.len + r->watcher_uri.len + r->watcher_contact.len +
- r->record_route.len + r->sockinfo_str.len + r->presentity_uri.len + subscription_state.len + content_type.len + (num_impus*sizeof(str)); // + buf.len;
+ r->record_route.len + r->sockinfo_str.len + r->presentity_uri.len + subscription_state.len + content_type.len + (num_impus)*sizeof(str); // + buf.len;
for (i=0; i<num_impus; i++) {
- len += impus[i]->len;
+ len += (*impus)[i].len;
}
LM_DBG("Creating new notification");
@@ -2084,13 +2084,13 @@ reg_notification * new_notification(str subscription_state,
p += content_type.len;
LM_DBG("Notification content type: [%.*s]", n->content_type.len, n->content_type.s);
- n->impus = p;
+ n->impus = (str*)p;
p += sizeof(str)*num_impus;
for (i=0; i<num_impus; i++) {
n->impus[i].s = p;
- memcpy(p, impus[i]->s, impus[i]->len);
- n->impus[i].len = impus[i]->len;
- p += impus[i]->len;
+ memcpy(p, (*impus)[i].s, (*impus)[i].len);
+ n->impus[i].len = (*impus)[i].len;
+ p += (*impus)[i].len;
}
n->num_impus = num_impus;
More information about the sr-dev
mailing list