[sr-dev] git:master:8c428bfa: Merge pull request #1206 from codyherzog/master

Mon, 07 Aug 2017 12:59:28 -0700 

Module: kamailio
Branch: master
Commit: 8c428bfae9e51989734d3c1535bcac24581cfe15
URL: 
https://github.com/kamailio/kamailio/commit/8c428bfae9e51989734d3c1535bcac24581cfe15

Author: Daniel-Constantin Mierla <[email protected]>
Committer: GitHub <[email protected]>
Date: 2017-08-07T21:56:15+02:00

Merge pull request #1206 from codyherzog/master

textops: Fix 'offset exceeds message size' crash.

---

Modified: src/modules/textops/textops.c

---

Diff:  
https://github.com/kamailio/kamailio/commit/8c428bfae9e51989734d3c1535bcac24581cfe15.diff
Patch: 
https://github.com/kamailio/kamailio/commit/8c428bfae9e51989734d3c1535bcac24581cfe15.patch

---

diff --git a/src/modules/textops/textops.c b/src/modules/textops/textops.c
index 5048fbae5d..655f638154 100644
--- a/src/modules/textops/textops.c
+++ b/src/modules/textops/textops.c
@@ -682,12 +682,19 @@ static int subst_helper_f(sip_msg_t* msg, struct 
subst_expr* se)
        int off;
        int ret;
        int nmatches;
+       char c;
 
        begin=get_header(msg);  /* start after first line to avoid replacing
                                                        * the uri */
        off=begin-msg->buf;
        ret=-1;
-       if ((lst=subst_run(se, begin, msg, &nmatches))==0)
+
+       c = msg->buf[msg->len];
+       msg->buf[msg->len] = '\0';
+       lst=subst_run(se, begin, msg, &nmatches);
+       msg->buf[msg->len] = c;
+
+       if (lst==0)
                goto error; /* not found */
        for (rpl=lst; rpl; rpl=rpl->next){
                LM_DBG("%s: replacing at offset %d [%.*s] with [%.*s]\n",
@@ -826,6 +833,7 @@ static int subst_body_helper_f(struct sip_msg* msg, struct 
subst_expr* se)
        int ret;
        int nmatches;
        str body;
+       char c;
 
        body.s = get_body(msg);
        if (body.s==0) {
@@ -842,7 +850,13 @@ static int subst_body_helper_f(struct sip_msg* msg, struct 
subst_expr* se)
 
        off=begin-msg->buf;
        ret=-1;
-       if ((lst=subst_run(se, begin, msg, &nmatches))==0)
+
+       c = body.s[body.len];
+       body.s[body.len] = '\0';
+       lst=subst_run(se, begin, msg, &nmatches);
+       body.s[body.len] = c;
+
+       if (lst==0)
                goto error; /* not found */
        for (rpl=lst; rpl; rpl=rpl->next){
                LM_DBG("%s replacing at offset %d [%.*s] with [%.*s]\n",


_______________________________________________
Kamailio (SER) - Development Mailing List
[email protected]
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

Reply via email to