[sr-dev] git:5.1:d67b2f98: core: improve header safe guards for Via handling

Henning Westerholt hw at kamailio.org
Sun Jun 3 21:02:48 CEST 2018


Module: kamailio
Branch: 5.1
Commit: d67b2f9874ca23bd69f18df71b8f53b1b6151f6d
URL: https://github.com/kamailio/kamailio/commit/d67b2f9874ca23bd69f18df71b8f53b1b6151f6d

Author: Henning Westerholt <hw at kamailio.org>
Committer: Henning Westerholt <hw at kamailio.org>
Date: 2018-06-03T21:02:35+02:00

core: improve header safe guards for Via handling

(cherry picked from commit ad68e402ece8089f133c10de6ce319f9e28c0692)

---

Modified: src/core/crc.c
Modified: src/core/msg_translator.c

---

Diff:  https://github.com/kamailio/kamailio/commit/d67b2f9874ca23bd69f18df71b8f53b1b6151f6d.diff
Patch: https://github.com/kamailio/kamailio/commit/d67b2f9874ca23bd69f18df71b8f53b1b6151f6d.patch

---

diff --git a/src/core/crc.c b/src/core/crc.c
index 4628463245..23b2876ecf 100644
--- a/src/core/crc.c
+++ b/src/core/crc.c
@@ -231,6 +231,8 @@ void crcitt_string_array( char *dst, str src[], int size )
 	ccitt = 0xFFFF;
 	str_len=CRC16_LEN;
 	for (i=0; i<size; i++ ) {
+		/* invalid str with positive length and null char pointer */
+		if( unlikely(src[i].s==NULL)) break;
 		c=src[i].s;
 		len=src[i].len;
 		while(len) {
diff --git a/src/core/msg_translator.c b/src/core/msg_translator.c
index 201e3a5e1d..58978f958c 100644
--- a/src/core/msg_translator.c
+++ b/src/core/msg_translator.c
@@ -168,12 +168,17 @@ static int check_via_address(struct ip_addr* ip, str *name,
 						(name->s[name->len-1]==']')&&
 						(strncasecmp(name->s+1, s, len)==0))
 				)
-		   )
+		   ) {
 			return 0;
-		else
-
+		}
+		else {
+			if (unlikely(name->s==NULL)) {
+				LM_CRIT("invalid Via host name\n");
+				return -1;
+			}
 			if (strncmp(name->s, s, name->len)==0)
 				return 0;
+		}
 	}else{
 		LM_CRIT("could not convert ip address\n");
 		return -1;




More information about the sr-dev mailing list