Module: kamailio
Branch: master
Commit: e13c49fbce91511bd543e85eeca5dd4651340bec
URL: 
https://github.com/kamailio/kamailio/commit/e13c49fbce91511bd543e85eeca5dd4651340bec

Author: Daniel-Constantin Mierla <[email protected]>
Committer: Daniel-Constantin Mierla <[email protected]>
Date: 2026-05-16T09:23:27+02:00

imc: gradual building of headers with size checks

---

Modified: src/modules/imc/imc.c
Modified: src/modules/imc/imc_cmd.c

---

Diff:  
https://github.com/kamailio/kamailio/commit/e13c49fbce91511bd543e85eeca5dd4651340bec.diff
Patch: 
https://github.com/kamailio/kamailio/commit/e13c49fbce91511bd543e85eeca5dd4651340bec.patch

---

diff --git a/src/modules/imc/imc.c b/src/modules/imc/imc.c
index 6203398002b..471b18fd68e 100644
--- a/src/modules/imc/imc.c
+++ b/src/modules/imc/imc.c
@@ -59,7 +59,7 @@ MODULE_VERSION
 /** header variables */
 str imc_hdrs = str_init("Supported: kamailio/imc\r\n");
 char hdr_buf[1024];
-str all_hdrs;
+str all_hdrs = str_init("");
 
 /** parameters */
 db1_con_t *imc_db = NULL;
@@ -185,7 +185,7 @@ static int mod_init(void)
        }
 
        if(extra_hdrs.s) {
-               if(extra_hdrs.len + imc_hdrs.len > 1024) {
+               if(extra_hdrs.len + imc_hdrs.len >= 1024) {
                        LM_ERR("extra_hdrs too long\n");
                        return -1;
                }
diff --git a/src/modules/imc/imc_cmd.c b/src/modules/imc/imc_cmd.c
index 38d19fdd2c2..b3f000c2058 100644
--- a/src/modules/imc/imc_cmd.c
+++ b/src/modules/imc/imc_cmd.c
@@ -112,22 +112,28 @@ static str *build_headers(struct sip_msg *msg)
        str *callid;
        str ctbody = STR_NULL;
 
+       buf[0] = '\0';
        rv.s = buf;
        rv.len = all_hdrs.len;
-       if(msg->content_type != NULL) {
-               ctbody = msg->content_type->body;
-               rv.len += ctname.len + ctbody.len;
-       }
-
-       if(rv.len > sizeof(buf)) {
+       if(rv.len > sizeof(buf) - 1) {
                LM_ERR("headers too long\n");
+               rv.len = 0;
                return &rv;
        }
-
        memcpy(buf, all_hdrs.s, all_hdrs.len);
-       if(ctbody.len > 0) {
-               memcpy(buf + all_hdrs.len, ctname.s, ctname.len);
-               memcpy(buf + all_hdrs.len + ctname.len, ctbody.s, ctbody.len);
+
+       if(msg->content_type != NULL) {
+               ctbody = msg->content_type->body;
+               rv.len += ctname.len + ctbody.len;
+               if(rv.len > sizeof(buf) - 1) {
+                       LM_ERR("buffer too small for Content-Type header\n");
+                       rv.len -= ctname.len + ctbody.len;
+                       return &rv;
+               }
+               if(ctbody.len > 0) {
+                       memcpy(buf + all_hdrs.len, ctname.s, ctname.len);
+                       memcpy(buf + all_hdrs.len + ctname.len, ctbody.s, 
ctbody.len);
+               }
        }
 
        if((callid = get_callid(msg)) == NULL) {
@@ -135,9 +141,9 @@ static str *build_headers(struct sip_msg *msg)
        }
 
        rv.len += nl.len + name.len + callid->len;
-
-       if(rv.len > sizeof(buf)) {
-               LM_ERR("Header buffer too small for In-Reply-To header\n");
+       if(rv.len > sizeof(buf) - 1) {
+               LM_ERR("buffer too small for In-Reply-To header\n");
+               rv.len -= nl.len + name.len + callid->len;
                return &rv;
        }
 

_______________________________________________
Kamailio - Development Mailing List -- [email protected]
To unsubscribe send an email to [email protected]
Important: keep the mailing list in the recipients, do not reply only to the 
sender!

Reply via email to