[sr-dev] [SR-Users] An error in msg_translator.c source file

Henning Westerholt hw at kamailio.org
Sun Dec 30 01:32:08 CET 2018 

Am Samstag, 29. Dezember 2018, 19:34:42 CET schrieb Mojtaba:
> In msg_translator.c source file, goes to check_via_address function in line
> 147,
> In that function, the length of both ip in host(name) and host(ip) is just
> checked in ipv6 (if condition section). the code are here:
> 
> /* check if name->s is an ipv6 address or an ipv6 address ref. */
> if ((ip->af==AF_INET6) &&
>       (  ((len==name->len)&&(strncasecmp(name->s, s, name->len)==0))
> 
>          ((len==(name->len-2))&&(name->s[0]=='[')&&
>             (name->s[name->len-1]==']')&&
>             (strncasecmp(name->s+1, s, len)==0))
>       )
>    ) {
>    return 0;
> }
> else {
>    if (unlikely(name->s==NULL)) {
>       LM_CRIT("invalid Via host name\n");
>       return -1;
>    }
> 
>    if (strncmp(name->s, s, name->len)==0)         //I think the length
> would be checked
>       return 0;
> }

Hello Mojtaba,

thank you for the report. This looks indeed not correct. I fixed this today in 
git master (commit 98ee014a) and will also backport it. I wonder why this was 
not found earlier, this is a really old function. But most people probably use 
DNS names in their VIAs.

Best regards,

Henning
 
> But in else section, the length does not check. I think it would be nice to
> check . like this:
> 
> if (len == name->len && strncmp(name->s, s, name->len)==0)
> 
> Not actually, i am not referring to git master yet. I just want to know do
> it would be nice or not?
> With Regards.Mojtaba Esfandiari.S
> 
> > > Does anybody know why the lenght of both ip-address (s and name) in
> > > check_via_address function in msg_translator.c source file dose not
> > > check first?
> > > Actually i think it's better do.
> > > For example if via:192.168.122.1 and src:192.168.122.100, the result
> > > returned true, as they are not the same!
> > > With.Regards. Mojtaba
> > 
> > Hello Mojtaba,
> > 
> > can you give more details, which line in e.g. git master are you referring
> > to?

-- 
Henning Westerholt - https://skalatan.de/blog/
Kamailio services - https://skalatan.de/services
Kamailio security assessment - https://skalatan.de/de/assessment

More information about the sr-dev mailing list