Module: kamailio Branch: 5.0 Commit: 06c6a73f05740bc017048c73a9479715f3d1ac0b URL: https://github.com/kamailio/kamailio/commit/06c6a73f05740bc017048c73a9479715f3d1ac0b
Author: Daniel-Constantin Mierla <[email protected]> Committer: Henning Westerholt <[email protected]> Date: 2019-04-03T23:26:50+02:00 topoh: detect when via param is shorter than expected prefix (cherry picked from commit e6950ffb1985493e717e3d774eddad779aed1514) --- Modified: src/modules/topoh/th_msg.c --- Diff: https://github.com/kamailio/kamailio/commit/06c6a73f05740bc017048c73a9479715f3d1ac0b.diff Patch: https://github.com/kamailio/kamailio/commit/06c6a73f05740bc017048c73a9479715f3d1ac0b.patch --- diff --git a/src/modules/topoh/th_msg.c b/src/modules/topoh/th_msg.c index 3de34f13f1..f8a8180727 100644 --- a/src/modules/topoh/th_msg.c +++ b/src/modules/topoh/th_msg.c @@ -410,12 +410,17 @@ int th_unmask_via(sip_msg_t *msg, str *cookie) LM_ERR("cannot find param in via %d\n", i); return -1; } - if(i==2) + if(vp->value.len <= th_vparam_prefix.len) { + LM_ERR("invalid param len in via %d\n", i); + return -1; + } + if(i==2) { out.s = th_mask_decode(vp->value.s, vp->value.len, &th_vparam_prefix, CRLF_LEN+1, &out.len); - else + } else { out.s = th_mask_decode(vp->value.s, vp->value.len, &th_vparam_prefix, 0, &out.len); + } if(out.s==NULL || out.len<=0) { LM_ERR("cannot decode via %d\n", i); _______________________________________________ Kamailio (SER) - Development Mailing List [email protected] https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
