[sr-dev] git:master:db3b9dbd: tm: crash on memcpy fix
Roman Romanchenko
rromanchenko at sipwise.com
Fri Aug 31 11:24:42 CEST 2018
Module: kamailio
Branch: master
Commit: db3b9dbd48f7bb74abf08b0e97bcac15015df719
URL: https://github.com/kamailio/kamailio/commit/db3b9dbd48f7bb74abf08b0e97bcac15015df719
Author: Roman Romanchenko <rromanchenko at sipwise.com>
Committer: Roman Romanchenko <rromanchenko at sipwise.com>
Date: 2018-08-31T12:02:43+03:00
tm: crash on memcpy fix
- in some cases tag is not initialized and lead to crash.
Memory pointer check before writing to added.
---
Modified: src/modules/tm/t_reply.c
---
Diff: https://github.com/kamailio/kamailio/commit/db3b9dbd48f7bb74abf08b0e97bcac15015df719.diff
Patch: https://github.com/kamailio/kamailio/commit/db3b9dbd48f7bb74abf08b0e97bcac15015df719.patch
---
diff --git a/src/modules/tm/t_reply.c b/src/modules/tm/t_reply.c
index 474851aa7c..f53625e833 100644
--- a/src/modules/tm/t_reply.c
+++ b/src/modules/tm/t_reply.c
@@ -299,6 +299,7 @@ inline static int update_totag_set(struct cell *t, struct sip_msg *ok)
for (i=t->fwded_totags; i; i=i->next) {
if (i->tag.len==tag->len
+ && i->tag.s
&& memcmp(i->tag.s, tag->s, tag->len) ==0 ){
/* to tag already recorded */
LM_DBG("to-tag retransmission\n");
More information about the sr-dev
mailing list