[sr-dev] [kamailio/kamailio] ims_registrar_scscf: use xmlParseMemory instead of xmlParseDoc (PR #3050)

Kristiyan Peychev notifications at github.com
Thu Mar 10 21:18:36 CET 2022

The bug I encountered was quite the corner case, I'm not surprised nobody's noticed it. It's because the strings here are not zero-terminated by default, but `parse_user_data` requires a zero-terminated string by virtue of documentation. The bug I got was during diameter Cx registration termination requests with very specific XMLs being received, I managed to hit a place that was passing a string that was not zero-terminated. The end result was a failed check against the XML schema and the request being interpreted as invalid.
I believe I've solved the issue fundamentally by using `xmlParseMemory` instead of `xmlParseDoc` because the latter requires a zero-terminated string, while the former works with a buffer length, which is exactly what the strings here do.

Reply to this email directly or view it on GitHub:
You are receiving this because you are subscribed to this thread.

Message ID: <kamailio/kamailio/pull/3050/c1064466446 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-dev/attachments/20220310/c4c838ff/attachment.htm>

More information about the sr-dev mailing list