[sr-dev] git:master:eb6c9462: http_client: safety check for lenght of retrieved headers

Daniel-Constantin Mierla miconda at gmail.com
Thu Jul 27 11:35:22 CEST 2017


Module: kamailio
Branch: master
Commit: eb6c94626d02e5a6fc2c93328591c140853535da
URL: https://github.com/kamailio/kamailio/commit/eb6c94626d02e5a6fc2c93328591c140853535da

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2017-07-27T11:33:44+02:00

http_client: safety check for lenght of retrieved headers

---

Modified: src/modules/http_client/functions.c

---

Diff:  https://github.com/kamailio/kamailio/commit/eb6c94626d02e5a6fc2c93328591c140853535da.diff
Patch: https://github.com/kamailio/kamailio/commit/eb6c94626d02e5a6fc2c93328591c140853535da.patch

---

diff --git a/src/modules/http_client/functions.c b/src/modules/http_client/functions.c
index ea194250ed..c4fc39d6a4 100644
--- a/src/modules/http_client/functions.c
+++ b/src/modules/http_client/functions.c
@@ -333,8 +333,8 @@ static int curL_query_url(struct sip_msg* _m, const char* _url, str* _dst,
 	/* HTTP_CODE CHANGED TO CURLINFO_RESPONSE_CODE in curl > 7.10.7 */
 	curl_easy_getinfo(curl, CURLINFO_HTTP_CODE, &stat);
 	if(res == CURLE_OK) {
-		char *ct;
-		char *url;
+		char *ct = NULL;
+		char *url = NULL;
 
 		/* ask for the content-type of the response */
 		res = curl_easy_getinfo(curl, CURLINFO_CONTENT_TYPE, &ct);
@@ -342,14 +342,16 @@ static int curL_query_url(struct sip_msg* _m, const char* _url, str* _dst,
 
 		if(ct) {
 			LM_DBG("We received Content-Type: %s\n", ct);
-			if (params->pconn) {
+			if (params->pconn &&
+					strlen(ct)<sizeof(params->pconn->result_content_type)-1) {
 				strncpy(params->pconn->result_content_type, ct,
 						sizeof(params->pconn->result_content_type));
 			}
 		}
 		if(url) {
 			LM_DBG("We visited URL: %s\n", url);
-			if (params->pconn) {
+			if (params->pconn
+					&& strlen(url)<sizeof(params->pconn->redirecturl)-1) {
 				strncpy(params->pconn->redirecturl, url ,
 						sizeof(params->pconn->redirecturl));
 			}
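Review bot: When the new length check fails for `ct` or `url`, the copy is skipped with no log line and the destination is left untouched, so `params->pconn->result_content_type` and `params->pconn->redirecturl` keep whatever an earlier request on the same connection object stored there, unless they are reset somewhere outside this hunk. A caller reading those fields would then see a stale Content-Type or redirect URL attributed to the current response. Once `params->pconn` is known to be non-NULL, clearing the field before the length test, e.g. `params->pconn->result_content_type[0] = '\0';`, and logging the oversize case with something like `LM_WARN("Content-Type too long - not stored\n");` (likewise for `redirecturl`) would make the drop visible instead of silent. The guard itself is sound, since with `strlen(ct) < sizeof(...) - 1` the `strncpy` always leaves the buffer NUL-terminated; note that `curL_query_url` begins and ends outside the hunk.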



