[sr-dev] git:master:5613130b: topos: free temporary sip msg structure when handling 100 replies

Daniel-Constantin Mierla miconda at gmail.com
Fri Apr 21 16:10:19 CEST 2017


Module: kamailio
Branch: master
Commit: 5613130b8d1e5b75668bcf1635ce43ea9852f2ef
URL: https://github.com/kamailio/kamailio/commit/5613130b8d1e5b75668bcf1635ce43ea9852f2ef

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2017-04-21T16:10:06+02:00

topos: free temporary sip msg structure when handling 100 replies

- it can lead to memory leak, reported by Sergey Basov

---

Modified: src/modules/topos/topos_mod.c

---

Diff:  https://github.com/kamailio/kamailio/commit/5613130b8d1e5b75668bcf1635ce43ea9852f2ef.diff
Patch: https://github.com/kamailio/kamailio/commit/5613130b8d1e5b75668bcf1635ce43ea9852f2ef.patch

---

diff --git a/src/modules/topos/topos_mod.c b/src/modules/topos/topos_mod.c
index 14297f7..7b1ef89 100644
--- a/src/modules/topos/topos_mod.c
+++ b/src/modules/topos/topos_mod.c
@@ -280,12 +280,14 @@ int tps_msg_received(void *data)
 	str *obuf;
 	char *nbuf = NULL;
 	int dialog;
+	int ret;
 
 	obuf = (str*)data;
 	memset(&msg, 0, sizeof(sip_msg_t));
 	msg.buf = obuf->s;
 	msg.len = obuf->len;
 
+	ret = 0;
 	if(tps_prepare_msg(&msg)!=0) {
 		goto done;
 	}
@@ -310,17 +312,22 @@ int tps_msg_received(void *data)
 		/* reply */
 		if(msg.first_line.u.reply.statuscode==100) {
 			/* nothing to do - it should be absorbed */
-			return 0;
+			goto done;
 		}
 		tps_response_received(&msg);
 	}
 
 	nbuf = tps_msg_update(&msg, (unsigned int*)&obuf->len);
 
+	if(nbuf==NULL) {
+		LM_ERR("not enough pkg memory for new message\n");
+		ret = -1;
+		goto done;
+	}
 	if(obuf->len>=BUF_SIZE) {
 		LM_ERR("new buffer overflow (%d)\n", obuf->len);
-		pkg_free(nbuf);
-		return -1;
+		ret = -1;
+		goto done;
 	}
 	memcpy(obuf->s, nbuf, obuf->len);
 	obuf->s[obuf->len] = '\0';
@@ -329,7 +336,7 @@ int tps_msg_received(void *data)
 	if(nbuf!=NULL)
 		pkg_free(nbuf);
 	free_sip_msg(&msg);
-	return 0;
+	return ret;
 }
 
 /**
@@ -368,7 +375,7 @@ int tps_msg_sent(void *data)
 		/* reply */
 		if(msg.first_line.u.reply.statuscode==100) {
 			/* nothing to do - it should be locally generated */
-			return 0;
+			goto done;
 		}
 		tps_response_sent(&msg);
 	}




More information about the sr-dev mailing list