[sr-dev] [kamailio/kamailio] ims_registrar_scscf: use xmlParseMemory instead of xmlParseDoc (PR #3050)

alexyosifov notifications at github.com
Fri Mar 11 08:33:04 CET 2022

> The bug I encountered was quite the corner case, I'm not surprised nobody's noticed it. It's because the strings here are not zero-terminated by default, but `parse_user_data` requires a zero-terminated string by virtue of documentation. The bug I got was during diameter Cx registration termination requests with very specific XMLs being received, I managed to hit a place that was passing a string that was not zero-terminated. The end result was a failed check against the XML schema and the request being interpreted as invalid. I believe I've solved the issue fundamentally by using `xmlParseMemory` instead of `xmlParseDoc` because the latter requires a zero-terminated string, while the former works with a buffer length, which is exactly what the strings here do.


Reply to this email directly or view it on GitHub:
You are receiving this because you are subscribed to this thread.

Message ID: <kamailio/kamailio/pull/3050/c1064849768 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-dev/attachments/20220310/38ee2c81/attachment.htm>

More information about the sr-dev mailing list