[sr-dev] git:5.0:7931da0c: topoh: improve checks for via header processing

Wed, 03 Apr 2019 14:27:52 -0700 

Module: kamailio
Branch: 5.0
Commit: 7931da0ca46626d7bb06c631e0be012f9ee8d3ea
URL: 
https://github.com/kamailio/kamailio/commit/7931da0ca46626d7bb06c631e0be012f9ee8d3ea

Author: Henning Westerholt <[email protected]>
Committer: Henning Westerholt <[email protected]>
Date: 2019-04-03T23:24:45+02:00

topoh: improve checks for via header processing

(cherry picked from commit 78ccdb7ff1ebc34748092fe01ff249f5eeb661c8)

---

Modified: src/modules/topoh/th_mask.c
Modified: src/modules/topoh/th_msg.c

---

Diff:  
https://github.com/kamailio/kamailio/commit/7931da0ca46626d7bb06c631e0be012f9ee8d3ea.diff
Patch: 
https://github.com/kamailio/kamailio/commit/7931da0ca46626d7bb06c631e0be012f9ee8d3ea.patch

---

diff --git a/src/modules/topoh/th_mask.c b/src/modules/topoh/th_mask.c
index 2c0d1aa24f..fce9255f20 100644
--- a/src/modules/topoh/th_mask.c
+++ b/src/modules/topoh/th_mask.c
@@ -141,6 +141,12 @@ char* th_mask_decode(char *in, int ilen, str *prefix, int 
extra, int *olen)
 
        *olen = (((ilen-((prefix!=NULL&&prefix->len>0)?prefix->len:0)) * 6) >> 
3)
                                - n;
+
+       if (*olen<=0) {
+               LM_ERR("invalid olen parameter calculated, can't continue 
%d\n", *olen);
+               return NULL;
+       }
+
        out = (char*)pkg_malloc((*olen+1+extra)*sizeof(char));
 
        if(out==NULL)
diff --git a/src/modules/topoh/th_msg.c b/src/modules/topoh/th_msg.c
index c2c1ee6e32..f0c3420309 100644
--- a/src/modules/topoh/th_msg.c
+++ b/src/modules/topoh/th_msg.c
@@ -411,7 +411,7 @@ int th_unmask_via(sip_msg_t *msg, str *cookie)
                                else
                                        out.s = th_mask_decode(vp->value.s, 
vp->value.len,
                                                        &th_vparam_prefix, 0, 
&out.len);
-                               if(out.s==NULL)
+                               if(out.s==NULL || out.len<=0)
                                {
                                        LM_ERR("cannot decode via %d\n", i);
                                        return -1;
@@ -945,7 +945,12 @@ int th_add_via_cookie(sip_msg_t *msg, struct via_body *via)
        if (via->params.s) {
                viap = via->params.s - via->hdr.s - 1;
        } else {
-               viap = via->host.s - via->hdr.s + via->host.len;
+               if (via->host.s) {
+                       viap = via->host.s - via->hdr.s + via->host.len;
+               } else {
+                       LM_ERR("no via parameter and no via host, can't insert 
cookie\n");
+                       return -1;
+               }
                if (via->port!=0)
                        viap += via->port_str.len + 1; /* +1 for ':'*/
        }


_______________________________________________
Kamailio (SER) - Development Mailing List
[email protected]
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

Reply via email to