[sr-dev] git:master:6d46ec71: core: dns - safety checks for port and proto

Daniel-Constantin Mierla miconda at gmail.com
Mon Apr 12 07:58:04 CEST 2021


Module: kamailio
Branch: master
Commit: 6d46ec71f941b9db9c06c6c2edac14fc9f3d1074
URL: https://github.com/kamailio/kamailio/commit/6d46ec71f941b9db9c06c6c2edac14fc9f3d1074

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2021-04-11T09:09:24+02:00

core: dns - safety checks for port and proto

---

Modified: src/core/dns_cache.c
Modified: src/core/resolve.c

---

Diff:  https://github.com/kamailio/kamailio/commit/6d46ec71f941b9db9c06c6c2edac14fc9f3d1074.diff
Patch: https://github.com/kamailio/kamailio/commit/6d46ec71f941b9db9c06c6c2edac14fc9f3d1074.patch

---

diff --git a/src/core/dns_cache.c b/src/core/dns_cache.c
index 7dbde8f378..58247265eb 100644
--- a/src/core/dns_cache.c
+++ b/src/core/dns_cache.c
@@ -3011,25 +3011,30 @@ inline static int dns_srv_resolve_ip(struct dns_srv_handle* h,
 {
 	int ret;
 	str host;
+	unsigned short vport;
 
 	host.len=0;
 	host.s=0;
+	if(port) vport =*port;
+	else vport = 0;
+
 	do{
 		if (h->a==0){
 #ifdef DNS_SRV_LB
 			if ((ret=dns_srv_resolve_nxt(&h->srv,
 								(flags & DNS_SRV_RR_LB)?&h->srv_tried_rrs:0,
 								&h->srv_no,
-								name, &host, port))<0)
+								name, &host, &vport))<0)
 				goto error;
 #else
 			if ((ret=dns_srv_resolve_nxt(&h->srv, &h->srv_no,
-								name, &host, port))<0)
+								name, &host, &vport))<0)
 				goto error;
 #endif
-			h->port=*port; /* store new port */
+			h->port=vport; /* store new port */
+			if(port) *port=vport;
 		}else{
-			*port=h->port; /* return the stored port */
+			if(port) *port=h->port; /* return the stored port */
 		}
 		if ((ret=dns_ip_resolve(&h->a, &h->ip_no, &host, ip, flags))<0){
 			/* couldn't find any good ip for this record, try the next one */
@@ -3257,6 +3262,7 @@ inline static int dns_naptr_sip_resolve(struct dns_srv_handle* h,  str* name,
 	char n_proto, origproto;
 	str srv_name;
 	int ret;
+	int res;
 	int try_lookup_naptr = 0;
 
 	ret=-E_DNS_NO_NAPTR;
@@ -3302,7 +3308,7 @@ inline static int dns_naptr_sip_resolve(struct dns_srv_handle* h,  str* name,
 
 	if (!try_lookup_naptr) {
 		if(proto) *proto=origproto;
-		int res = dns_srv_sip_resolve(h, name, ip, port, proto, flags);
+		res = dns_srv_sip_resolve(h, name, ip, port, proto, flags);
 		if (res) {
 			mark_skip_current_naptr(e->rr_lst, h->srv);
 			if (have_more_active_naptr(e->rr_lst)) {
@@ -3324,8 +3330,8 @@ inline static int dns_naptr_sip_resolve(struct dns_srv_handle* h,  str* name,
 				LM_DBG("(%.*s, %d, %d), srv0, ret=%d\n",
 								name->len, name->s, h->srv_no, h->ip_no, ret);
 				dns_hash_put(e);
-				*proto=n_proto;
-				h->proto=*proto;
+				if(proto) *proto=n_proto;
+				h->proto=n_proto;
 				return ret;
 			}
 		}
@@ -4130,7 +4136,9 @@ static struct dns_hash_entry *dns_cache_clone_entry(struct dns_hash_entry *e,
 		new_rr->rdata = (void*)((char*)new_rr+rr_size);
 		new_rr->expire = now + S_TO_TICKS(ttl);
 		/* link the rr to the previous one */
-		last_rr->next = new_rr;
+		if(last_rr) {
+			last_rr->next = new_rr;
+		}
 
 		/* fix the total_size and expires values */
 		new->total_size=rounded_size+rr_size+rdata_size;
@@ -4396,7 +4404,7 @@ int dns_cache_add_record(unsigned short type,
 
 				if (*rr_iter != new_rr->next) {
 					/* unlink rr from the list */
-					*rr_p = (*rr_p)->next;
+					*rr_p = (*rr_p)?(*rr_p)->next:NULL;
 					/* link it before *rr_iter */
 					new_rr->next = *rr_iter;
 					*rr_iter = new_rr;
diff --git a/src/core/resolve.c b/src/core/resolve.c
index 928f6af3c5..deb20a740c 100644
--- a/src/core/resolve.c
+++ b/src/core/resolve.c
@@ -1261,7 +1261,7 @@ struct hostent* srv_sip_resolvehost(str* name, int zt, unsigned short* port,
 	if (is_srv){
 		/* skip directly to srv resolving */
 		srv_proto=(proto)?*proto:0;
-		*port=(srv_proto==PROTO_TLS)?SIPS_PORT:SIP_PORT;
+		if(port) *port=(srv_proto==PROTO_TLS)?SIPS_PORT:SIP_PORT;
 		if (zt){
 			srv_target=name->s; /* name.s must be 0 terminated in
 								  this case */




More information about the sr-dev mailing list