[sr-dev] git:master:5613130b: topos: free temporary sip msg structure when handling 100 replies

Fri, 21 Apr 2017 07:10:44 -0700 

Module: kamailio
Branch: master
Commit: 5613130b8d1e5b75668bcf1635ce43ea9852f2ef
URL: 
https://github.com/kamailio/kamailio/commit/5613130b8d1e5b75668bcf1635ce43ea9852f2ef

Author: Daniel-Constantin Mierla <[email protected]>
Committer: Daniel-Constantin Mierla <[email protected]>
Date: 2017-04-21T16:10:06+02:00

topos: free temporary sip msg structure when handling 100 replies

- it can lead to memory leak, reported by Sergey Basov

---

Modified: src/modules/topos/topos_mod.c

---

Diff:  
https://github.com/kamailio/kamailio/commit/5613130b8d1e5b75668bcf1635ce43ea9852f2ef.diff
Patch: 
https://github.com/kamailio/kamailio/commit/5613130b8d1e5b75668bcf1635ce43ea9852f2ef.patch

---

diff --git a/src/modules/topos/topos_mod.c b/src/modules/topos/topos_mod.c
index 14297f7..7b1ef89 100644
--- a/src/modules/topos/topos_mod.c
+++ b/src/modules/topos/topos_mod.c
@@ -280,12 +280,14 @@ int tps_msg_received(void *data)
        str *obuf;
        char *nbuf = NULL;
        int dialog;
+       int ret;
 
        obuf = (str*)data;
        memset(&msg, 0, sizeof(sip_msg_t));
        msg.buf = obuf->s;
        msg.len = obuf->len;
 
+       ret = 0;
        if(tps_prepare_msg(&msg)!=0) {
                goto done;
        }
@@ -310,17 +312,22 @@ int tps_msg_received(void *data)
                /* reply */
                if(msg.first_line.u.reply.statuscode==100) {
                        /* nothing to do - it should be absorbed */
-                       return 0;
+                       goto done;
                }
                tps_response_received(&msg);
        }
 
        nbuf = tps_msg_update(&msg, (unsigned int*)&obuf->len);
 
+       if(nbuf==NULL) {
+               LM_ERR("not enough pkg memory for new message\n");
+               ret = -1;
+               goto done;
+       }
        if(obuf->len>=BUF_SIZE) {
                LM_ERR("new buffer overflow (%d)\n", obuf->len);
-               pkg_free(nbuf);
-               return -1;
+               ret = -1;
+               goto done;
        }
        memcpy(obuf->s, nbuf, obuf->len);
        obuf->s[obuf->len] = '\0';
@@ -329,7 +336,7 @@ int tps_msg_received(void *data)
        if(nbuf!=NULL)
                pkg_free(nbuf);
        free_sip_msg(&msg);
-       return 0;
+       return ret;
 }
 
 /**
@@ -368,7 +375,7 @@ int tps_msg_sent(void *data)
                /* reply */
                if(msg.first_line.u.reply.statuscode==100) {
                        /* nothing to do - it should be locally generated */
-                       return 0;
+                       goto done;
                }
                tps_response_sent(&msg);
        }


_______________________________________________
Kamailio (SER) - Development Mailing List
[email protected]
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

Reply via email to