[sr-dev] git:master:159224b2: tm: function to clean local parsed headers and body for uas request

Daniel-Constantin Mierla miconda at gmail.com
Wed May 4 09:24:28 CEST 2022


Module: kamailio
Branch: master
Commit: 159224b254d9a67104c60fedab46a1b78cf19a83
URL: https://github.com/kamailio/kamailio/commit/159224b254d9a67104c60fedab46a1b78cf19a83

Author: Daniel-Constantin Mierla <miconda at gmail.com>
Committer: Daniel-Constantin Mierla <miconda at gmail.com>
Date: 2022-05-04T08:56:14+02:00

tm: function to clean local parsed headers and body for uas request

- some modules use t->uas.request for getting attributes of the
  transaction request when processing the response, which may result in
  pointers to private memory being stored in the shared memory, causing
  crashes when other processes try to use the pointers

---

Modified: src/modules/tm/t_msgbuilder.c
Modified: src/modules/tm/t_msgbuilder.h
Modified: src/modules/tm/tm_load.c
Modified: src/modules/tm/tm_load.h

---

Diff:  https://github.com/kamailio/kamailio/commit/159224b254d9a67104c60fedab46a1b78cf19a83.diff
Patch: https://github.com/kamailio/kamailio/commit/159224b254d9a67104c60fedab46a1b78cf19a83.patch

---

diff --git a/src/modules/tm/t_msgbuilder.c b/src/modules/tm/t_msgbuilder.c
index 27aaef9b5f..ad9c8ae903 100644
--- a/src/modules/tm/t_msgbuilder.c
+++ b/src/modules/tm/t_msgbuilder.c
@@ -1776,3 +1776,37 @@ char *build_uac_cancel(str *headers,str *body,struct cell *cancelledT,
 	return NULL;
 }
 
+/**
+ *
+ */
+void t_uas_request_clean_parsed(tm_cell_t *t)
+{
+	struct hdr_field *hdr;
+	void *mstart;
+	void *mend;
+
+	if (!t || !t->uas.request) {
+		return;
+	}
+
+	mstart = t->uas.request;
+	mend = t->uas.end_request;
+
+	/* free header's parsed structures that were added by failure handlers */
+	for (hdr=t->uas.request->headers; hdr; hdr=hdr->next ) {
+		if (hdr->parsed && hdr_allocs_parse(hdr)
+				&& (hdr->parsed<mstart || hdr->parsed>=mend)) {
+			/* header parsed filed doesn't point inside fake memory
+			 * chunck -> it was added by failure funcs.-> free it as pkg */
+			LM_DBG("removing hdr->parsed %d\n",	hdr->type);
+			clean_hdr_field(hdr);
+			hdr->parsed = 0;
+		}
+	}
+	/* free parsed body added by failure handlers */
+	if (t->uas.request->body) {
+		if(t->uas.request->body->free)
+			t->uas.request->body->free(&t->uas.request->body);
+		t->uas.request->body = 0;
+	}
+}
diff --git a/src/modules/tm/t_msgbuilder.h b/src/modules/tm/t_msgbuilder.h
index 46969e0d69..e22bb0e1de 100644
--- a/src/modules/tm/t_msgbuilder.h
+++ b/src/modules/tm/t_msgbuilder.h
@@ -28,7 +28,6 @@
 #include "h_table.h"
 #include "t_reply.h"
 
-
 #define CSEQ "CSeq: "
 #define CSEQ_LEN (sizeof(CSEQ)-1)
 #define TO "To: "
@@ -45,7 +44,6 @@
 #define MAXFWD_HEADER "Max-Forwards: " MAXFWD_VALUE CRLF
 #define MAXFWD_HEADER_LEN (sizeof(MAXFWD_HEADER) - 1)
 
-
 char *build_local(struct cell *Trans, unsigned int branch,
 	unsigned int *len, char *method, int method_len, str *to
 	, struct cancel_reason* reason
@@ -92,4 +90,7 @@ int t_calc_branch(struct cell *t,
 char* print_callid_mini(char* target, str callid);
 char* print_cseq_mini(char* target, str* cseq, str* method);
 
+typedef void (*t_uas_request_clean_parsed_f)(tm_cell_t *t);
+void t_uas_request_clean_parsed(tm_cell_t *t);
+
 #endif
diff --git a/src/modules/tm/tm_load.c b/src/modules/tm/tm_load.c
index 65515a3a28..8635b90eae 100644
--- a/src/modules/tm/tm_load.c
+++ b/src/modules/tm/tm_load.c
@@ -139,6 +139,7 @@ int load_tm( struct tm_binds *tmb)
 	tmb->t_next_contacts = t_next_contacts;
 	tmb->set_fr = t_set_fr;
 	tmb->t_release_transaction = t_release_transaction;
+	tmb->t_uas_request_clean_parsed = t_uas_request_clean_parsed;
 	return 1;
 }
 
diff --git a/src/modules/tm/tm_load.h b/src/modules/tm/tm_load.h
index 8190ee977c..4695a8f7e1 100644
--- a/src/modules/tm/tm_load.h
+++ b/src/modules/tm/tm_load.h
@@ -38,6 +38,7 @@
 #include "t_append_branches.h"
 #include "t_stats.h"
 #include "t_serial.h"
+#include "t_msgbuilder.h"
 
 /* export not usable from scripts */
 #define NO_SCRIPT	-1
@@ -122,6 +123,7 @@ struct tm_binds {
 	cmd_function	t_next_contacts;
 	tset_fr_f set_fr;
 	trelease_t      t_release_transaction;
+	t_uas_request_clean_parsed_f t_uas_request_clean_parsed;
 };
 
 typedef struct tm_binds tm_api_t;




More information about the sr-dev mailing list