[sr-dev] git:master:0afc10d9: core: protect for unsigned int value overflow on string convert

Mon Nov 29 11:25:40 CET 2021

Module: kamailio
Branch: master
Commit: 0afc10d9b1b3f65b92d649d530b6363476b3d03b
URL: https://github.com/kamailio/kamailio/commit/0afc10d9b1b3f65b92d649d530b6363476b3d03b

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2021-11-29T11:25:08+01:00

core: protect for unsigned int value overflow on string convert

---

Modified: src/core/ut.h

---

Diff:  https://github.com/kamailio/kamailio/commit/0afc10d9b1b3f65b92d649d530b6363476b3d03b.diff
Patch: https://github.com/kamailio/kamailio/commit/0afc10d9b1b3f65b92d649d530b6363476b3d03b.patch

---

diff --git a/src/core/ut.h b/src/core/ut.h
index 1dd0706f59..9b899a94e7 100644
--- a/src/core/ut.h
+++ b/src/core/ut.h
@@ -628,7 +628,7 @@ static inline void strlower(str* _s)
 }
 
 
-#define str2unval(_s, _r) do { \
+#define str2unval(_s, _r, _vmax) do { \
 		int i; \
 		if (_r == NULL) return -1; \
 		*_r = 0; \
@@ -637,7 +637,13 @@ static inline void strlower(str* _s)
 		if (_s->s == NULL) return -1; \
 		for(i = 0; i < _s->len; i++) { \
 			if ((_s->s[i] >= '0') && (_s->s[i] <= '9')) { \
+				if(*_r > _vmax/10) { \
+					return -1; \
+				} \
 				*_r *= 10; \
+				if(*_r > _vmax - (_s->s[i] - '0')) { \
+					return -1; \
+				} \
 				*_r += _s->s[i] - '0'; \
 			} else { \
 				return -1; \
@@ -651,7 +657,7 @@ static inline void strlower(str* _s)
  */
 static inline int str2ulong(str* _s, unsigned long* _r)
 {
-	str2unval(_s, _r);
+	str2unval(_s, _r, ULONG_MAX);
 }
 
 /*
@@ -659,7 +665,7 @@ static inline int str2ulong(str* _s, unsigned long* _r)
  */
 static inline int str2int(str* _s, unsigned int* _r)
 {
-	str2unval(_s, _r);
+	str2unval(_s, _r, UINT_MAX);
 }
 
 #define str2snval(_s, _r, _vmin, _vmax) do { \


