Forwarded to
list for general review.
Bug report
by Bruno:
%A is the text sent by SMSC when a Delivery Report
arrives and doesn't make sense in a get-url url, but nevertheless I've been
reported that a %A in a get-url does crash kannel.
My
review:
Tested and
confirmed, there is no check for null in url_get_pattern() for the %A token.
It is octstr_url_encode() which finally segfaults.
I propose patches in two flavors to fix this:
1) the direct approach, patching urltrans.c, this fixes the bug without additional concerns.
2) a more "deep" patch, avoiding that octstr_(url_encode|url_decode|append|insert) segfault when receiving a null Octstr*
I think both two are very straightforward.
It is octstr_url_encode() which finally segfaults.
I propose patches in two flavors to fix this:
1) the direct approach, patching urltrans.c, this fixes the bug without additional concerns.
2) a more "deep" patch, avoiding that octstr_(url_encode|url_decode|append|insert) segfault when receiving a null Octstr*
I think both two are very straightforward.
Angel FRADEJAS
Mediafusi�n Espa�a,
S.A.
Tel. +34 91 252
3200
Fax +34 91 252
5969
octstr_nulls.diff
Description: Binary data
urltrans_pattern_a.diff
Description: Binary data
