[sr-dev] git:master:f609a83e: mi_rpc: init structures to avoid access to invalid content in case of errors
Daniel-Constantin Mierla
miconda at gmail.com
Thu Nov 3 09:16:07 CET 2016
Module: kamailio
Branch: master
Commit: f609a83e58eccae409a5966a002edba389bbc372
URL: https://github.com/kamailio/kamailio/commit/f609a83e58eccae409a5966a002edba389bbc372
Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2016-11-02T23:37:43+01:00
mi_rpc: init structures to avoid access to invalid content in case of errors
---
Modified: modules/mi_rpc/mi_rpc_mod.c
---
Diff: https://github.com/kamailio/kamailio/commit/f609a83e58eccae409a5966a002edba389bbc372.diff
Patch: https://github.com/kamailio/kamailio/commit/f609a83e58eccae409a5966a002edba389bbc372.patch
---
diff --git a/modules/mi_rpc/mi_rpc_mod.c b/modules/mi_rpc/mi_rpc_mod.c
index 32d444f..718aab8 100644
--- a/modules/mi_rpc/mi_rpc_mod.c
+++ b/modules/mi_rpc/mi_rpc_mod.c
@@ -496,25 +496,28 @@ static struct mi_root* mi_run_rpc(struct mi_root* cmd_tree, void* param)
struct binrpc_handle rpc_handle;
struct binrpc_response_handle resp_handle;
int i;
-
+
str *fn;
struct mi_node *node;
char *command = NULL;
int param_count = 0;
char **parameters = NULL;
struct mi_root* result;
-
+
int resp_type;
int resp_code;
char *resp;
- /* response will be malloced by binrpc_response_to_text.
+ /* response will be malloced by binrpc_response_to_text.
We do not free it. It must remain after this call.
It will be reused by subsequent calls */
static unsigned char *response = NULL;
static int resp_len = 0;
-
- if (binrpc_open_connection_url(&rpc_handle, rpc_url) != 0)
+
+ memset(&rpc_handle, 0, sizeof(struct binrpc_handle));
+ memset(&resp_handle, 0, sizeof(struct binrpc_response_handle));
+
+ if (binrpc_open_connection_url(&rpc_handle, rpc_url) != 0)
{
LM_ERR( "Open connect to %s failed\n", rpc_url);
result = init_mi_tree( 500, (char *)CONNECT_FAILED, strlen(CONNECT_FAILED) );
@@ -527,12 +530,12 @@ static struct mi_root* mi_run_rpc(struct mi_root* cmd_tree, void* param)
return( init_mi_tree( 400, MI_MISSING_PARM_S, MI_MISSING_PARM_LEN ));
fn = &node->value;
-
+
/* find_rpc_exports needs 0 terminated strings */
command = pkg_malloc(fn->len+1);
memcpy(command, fn->s, fn->len);
command[fn->len] = '\0';
-
+
/* Count the parameters. */
node = node->next;
while (node) {
@@ -564,9 +567,9 @@ static struct mi_root* mi_run_rpc(struct mi_root* cmd_tree, void* param)
result = init_mi_tree( 500, (char *)FAILED, strlen(FAILED) );
goto end;
}
-
+
resp_type = binrpc_get_response_type(&resp_handle);
-
+
/* If we already have a buffer make it NULL terminated to discard any previous content */
if (resp_len > 0)
response[0]='\0';
@@ -582,12 +585,12 @@ static struct mi_root* mi_run_rpc(struct mi_root* cmd_tree, void* param)
/* Some functions don't give a text answer; use a default */
result = init_mi_tree( 200, MI_OK_S, MI_OK_LEN );
break;
-
+
case 1:
/* Valid failure */
binrpc_parse_error_response(&resp_handle, &resp_code, &resp);
if (resp_len < strlen(resp) + 1)
- {
+ {
if (resp_len==0)
response = malloc(strlen(resp) + 1);
else
@@ -601,7 +604,7 @@ static struct mi_root* mi_run_rpc(struct mi_root* cmd_tree, void* param)
/* Some functions don't give a text answer; use a default */
result = init_mi_tree( resp_code, (char *)FAILED, strlen(FAILED) );
break;
-
+
default:
result = init_mi_tree( 500, (char *)FAILED, strlen(FAILED) );
goto end;
@@ -610,7 +613,7 @@ static struct mi_root* mi_run_rpc(struct mi_root* cmd_tree, void* param)
end:
if (param_count > 0)
{
- for (i=0; i<param_count; i++)
+ for (i=0; i<param_count; i++)
{
pkg_free(parameters[i]);
}
More information about the sr-dev
mailing list