[sr-dev] git:master:baed515e: core: parse content length - consider multi line header format

Daniel-Constantin Mierla miconda at gmail.com
Mon Sep 6 13:02:10 CEST 2021


Module: kamailio
Branch: master
Commit: baed515e8aed8e5b505ff716eb57d0c60e582632
URL: https://github.com/kamailio/kamailio/commit/baed515e8aed8e5b505ff716eb57d0c60e582632

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2021-09-06T13:01:55+02:00

core: parse content length - consider multi line header format

- safety checks for log message when not parsing the message buffer

---

Modified: src/core/parser/parse_content.c

---

Diff:  https://github.com/kamailio/kamailio/commit/baed515e8aed8e5b505ff716eb57d0c60e582632.diff
Patch: https://github.com/kamailio/kamailio/commit/baed515e8aed8e5b505ff716eb57d0c60e582632.patch

---

diff --git a/src/core/parser/parse_content.c b/src/core/parser/parse_content.c
index 007217df96..34cdd40e36 100644
--- a/src/core/parser/parse_content.c
+++ b/src/core/parser/parse_content.c
@@ -219,6 +219,10 @@ char* parse_content_length(char* const buffer, const char* const end,
 	int  size;
 
 	p = buffer;
+	if(buffer>=end) {
+		LM_ERR("empty input buffer: %p - %p\n", buffer, end);
+		goto error;
+	}
 	/* search the begining of the number */
 	while ( p<end && (*p==' ' || *p=='\t' ||
 	(*p=='\n' && (*(p+1)==' '||*(p+1)=='\t')) ))
@@ -235,20 +239,40 @@ char* parse_content_length(char* const buffer, const char* const end,
 	}
 	if (p==end || size==0)
 		goto error;
-	/* now we should have only spaces at the end */
-	while ( p<end && (*p==' ' || *p=='\t' ||
-	(*p=='\n' && (*(p+1)==' '||*(p+1)=='\t')) ))
-		p++;
-	if (p==end)
-		goto error;
-	/* the header ends proper? */
-	if ( (*(p++)!='\n') && (*(p-1)!='\r' || *(p++)!='\n' ) )
-		goto error;
+	do {
+		/* only spaces till the end-of-header */
+		while (p<end && (*p==' ' || *p=='\t')) p++;
+		if (p==end)
+			goto error;
+		/* EOH with \n or \r\n */
+		if(*p=='\n') {
+			p++;
+		} else if (p+1<end && *p=='\r' && *(p+1)=='\n') {
+			p += 2;
+		} else {
+			/* no valid EOH */
+			goto error;
+		}
+		if(p<end) {
+			/* multi line header body */
+			if(*p==' ' || *p=='\t') {
+				p++;
+				if (p==end)
+					goto error;
+			} else {
+				break;
+			}
+		}
+	} while(p<end);
 
 	*length = number;
 	return p;
 error:
-	LM_ERR("parse error near char [%d][%c]\n", *p, *p);
+	if(p<end) {
+		LM_ERR("parse error near char [%d][%c]\n", *p, *p);
+	} else {
+		LM_ERR("parse error over the end of input: %p - %p\n", buffer, end);
+	}
 	return 0;
 }
 




More information about the sr-dev mailing list