[sr-dev] git:master:0eda1dde: presence_xml: safety check for lenght of node name in xml transformations

Daniel-Constantin Mierla miconda at gmail.com
Thu Jul 13 17:20:49 CEST 2017


Module: kamailio
Branch: master
Commit: 0eda1dde62a6d3d805f0ae32db67055aa0705ce8
URL: https://github.com/kamailio/kamailio/commit/0eda1dde62a6d3d805f0ae32db67055aa0705ce8

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2017-07-13T17:13:46+02:00

presence_xml: safety check for length of node name in xml transformations

---

Modified: src/modules/presence_xml/notify_body.c

---

Diff:  https://github.com/kamailio/kamailio/commit/0eda1dde62a6d3d805f0ae32db67055aa0705ce8.diff
Patch: https://github.com/kamailio/kamailio/commit/0eda1dde62a6d3d805f0ae32db67055aa0705ce8.patch

---

diff --git a/src/modules/presence_xml/notify_body.c b/src/modules/presence_xml/notify_body.c
index 5fc58323f8..20160c550c 100644
--- a/src/modules/presence_xml/notify_body.c
+++ b/src/modules/presence_xml/notify_body.c
@@ -222,14 +222,15 @@ str* get_final_notify_body( subs_t *subs, str* notify_body, xmlNodePtr rule_node
 	xmlNodePtr doc_root = NULL, doc_node = NULL, provide_node = NULL;
 	xmlNodePtr all_node = NULL;
 	xmlDocPtr doc= NULL;
-	char name[15];
-	char service_uri_scheme[10];
+#define KSR_FNB_NAME_SIZE	24
+	char name[KSR_FNB_NAME_SIZE];
+	char service_uri_scheme[16];
 	int i= 0, found = 0;
 	str* new_body = NULL;
     char* class_cont = NULL, *occurence_ID= NULL, *service_uri= NULL;
 	char* deviceID = NULL;
 	char* content = NULL;
-	char all_name[20];
+	char all_name[KSR_FNB_NAME_SIZE+8];
 
 	strcpy(all_name, "all-");
 
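Review bot: `service_uri_scheme` is only widened from 10 to 16 bytes, while `name` gets an explicit length check later in this commit; the code that fills `service_uri_scheme` lies outside the hunk, so if it copies a scheme parsed from the document without a bound, a longer value would still overrun this stack buffer. I would give it a named size as `name` now has and reject over-long input at the copy site, e.g. `if(len >= sizeof(service_uri_scheme)) continue;` (with `len` standing for whatever length that code computes). The `#define KSR_FNB_NAME_SIZE 24` placed among the local declarations stays defined for the rest of the file; moving it to file scope with a comment such as `/* max size of a transformation node name after the 'provide-' prefix, incl. NUL */` would make that explicit. get_final_notify_body continues outside the hunk.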
@@ -269,7 +270,12 @@ str* get_final_notify_body( subs_t *subs, str* notify_body, xmlNodePtr rule_node
 
 		LM_DBG("transf_node->name:%s\n",node->name);
 
-		strcpy((char*)name ,(char*)(node->name + 8));
+		/* skip 'provide-' (e.g., provide-services) */
+		if(strlen((char*)(node->name + 8))>KSR_FNB_NAME_SIZE-1) {
+			LM_INFO("unsupported handling of: %s\n", (char*)node->name);
+			continue;
+		}
+		strcpy((char*)name, (char*)(node->name + 8));
 		strcpy(all_name+4, name);
 		
 		if(xmlStrcasecmp((unsigned char*)name,(unsigned char*)"services") == 0)
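Review bot: The new length check starts reading at `node->name + 8`, but nothing visible in this hunk establishes that `node->name` is at least eight bytes long; unless an earlier test in the loop (outside the hunk) already requires the `provide-` prefix, a shorter element name makes `strlen()` and the following `strcpy()` read past the string's terminator. A prefix guard before the offset closes that, e.g. `if(xmlStrncasecmp(node->name, (const xmlChar*)"provide-", 8) != 0) continue;`. The bound is also easier to keep in sync with the buffer when written as `strlen(...) >= sizeof(name)`. With the check in place, `all_name` (KSR_FNB_NAME_SIZE+8 bytes) does hold `all-` plus the longest accepted name, so the second `strcpy` stays in bounds.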



