Module: kamailio Branch: master Commit: 5f872526a4927703f404a57b7ab774675e0fb2be URL: https://github.com/kamailio/kamailio/commit/5f872526a4927703f404a57b7ab774675e0fb2be
Author: Daniel-Constantin Mierla <[email protected]> Committer: Daniel-Constantin Mierla <[email protected]> Date: 2018-10-15T12:58:08+02:00 smsops: free allocated structure in case of error handling --- Modified: src/modules/smsops/smsops_impl.c --- Diff: https://github.com/kamailio/kamailio/commit/5f872526a4927703f404a57b7ab774675e0fb2be.diff Patch: https://github.com/kamailio/kamailio/commit/5f872526a4927703f404a57b7ab774675e0fb2be.patch --- diff --git a/src/modules/smsops/smsops_impl.c b/src/modules/smsops/smsops_impl.c index efc580759e..8150d081d6 100644 --- a/src/modules/smsops/smsops_impl.c +++ b/src/modules/smsops/smsops_impl.c @@ -564,6 +564,7 @@ int decode_3gpp_sms(struct sip_msg *msg) { // Check for malicious length, which might cause buffer overflow if(udh_read + ie->data.len + 2 /* two octets are read so far */ > udh_len) { + pkg_free(ie); LM_ERR("IE Lenght for IE id %d is bigger than the remaining User-Data element!\n", ie->identifier); return -1; @@ -571,6 +572,7 @@ int decode_3gpp_sms(struct sip_msg *msg) { if(ie->identifier == TP_UDH_IE_CONCAT_SM_8BIT_REF) { if(contains_8bit_refnum) { + pkg_free(ie); LM_ERR("IE Concatenated Short Message 8bit Reference occured more than once in UDH\n"); return -1; } @@ -584,6 +586,7 @@ int decode_3gpp_sms(struct sip_msg *msg) { else { /* Unsupported IE, save it as binary */ ie->data.s = pkg_malloc(ie->data.len); if(ie->data.s == NULL) { + pkg_free(ie); LM_ERR("no more pkg\n"); return -1; } _______________________________________________ Kamailio (SER) - Development Mailing List [email protected] https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
