Module: kamailio Branch: master Commit: e13c49fbce91511bd543e85eeca5dd4651340bec URL: https://github.com/kamailio/kamailio/commit/e13c49fbce91511bd543e85eeca5dd4651340bec
Author: Daniel-Constantin Mierla <[email protected]> Committer: Daniel-Constantin Mierla <[email protected]> Date: 2026-05-16T09:23:27+02:00 imc: gradual building of headers with size checks --- Modified: src/modules/imc/imc.c Modified: src/modules/imc/imc_cmd.c --- Diff: https://github.com/kamailio/kamailio/commit/e13c49fbce91511bd543e85eeca5dd4651340bec.diff Patch: https://github.com/kamailio/kamailio/commit/e13c49fbce91511bd543e85eeca5dd4651340bec.patch --- diff --git a/src/modules/imc/imc.c b/src/modules/imc/imc.c index 6203398002b..471b18fd68e 100644 --- a/src/modules/imc/imc.c +++ b/src/modules/imc/imc.c @@ -59,7 +59,7 @@ MODULE_VERSION /** header variables */ str imc_hdrs = str_init("Supported: kamailio/imc\r\n"); char hdr_buf[1024]; -str all_hdrs; +str all_hdrs = str_init(""); /** parameters */ db1_con_t *imc_db = NULL; @@ -185,7 +185,7 @@ static int mod_init(void) } if(extra_hdrs.s) { - if(extra_hdrs.len + imc_hdrs.len > 1024) { + if(extra_hdrs.len + imc_hdrs.len >= 1024) { LM_ERR("extra_hdrs too long\n"); return -1; } diff --git a/src/modules/imc/imc_cmd.c b/src/modules/imc/imc_cmd.c index 38d19fdd2c2..b3f000c2058 100644 --- a/src/modules/imc/imc_cmd.c +++ b/src/modules/imc/imc_cmd.c @@ -112,22 +112,28 @@ static str *build_headers(struct sip_msg *msg) str *callid; str ctbody = STR_NULL; + buf[0] = '\0'; rv.s = buf; rv.len = all_hdrs.len; - if(msg->content_type != NULL) { - ctbody = msg->content_type->body; - rv.len += ctname.len + ctbody.len; - } - - if(rv.len > sizeof(buf)) { + if(rv.len > sizeof(buf) - 1) { LM_ERR("headers too long\n"); + rv.len = 0; return &rv; } - memcpy(buf, all_hdrs.s, all_hdrs.len); - if(ctbody.len > 0) { - memcpy(buf + all_hdrs.len, ctname.s, ctname.len); - memcpy(buf + all_hdrs.len + ctname.len, ctbody.s, ctbody.len); + + if(msg->content_type != NULL) { + ctbody = msg->content_type->body; + rv.len += ctname.len + ctbody.len; + if(rv.len > sizeof(buf) - 1) { + LM_ERR("buffer too small for Content-Type header\n"); + rv.len -= ctname.len + ctbody.len; + return &rv; + } + if(ctbody.len > 0) { + memcpy(buf + all_hdrs.len, ctname.s, ctname.len); + memcpy(buf + all_hdrs.len + ctname.len, ctbody.s, ctbody.len); + } } if((callid = get_callid(msg)) == NULL) { @@ -135,9 +141,9 @@ static str *build_headers(struct sip_msg *msg) } rv.len += nl.len + name.len + callid->len; - - if(rv.len > sizeof(buf)) { - LM_ERR("Header buffer too small for In-Reply-To header\n"); + if(rv.len > sizeof(buf) - 1) { + LM_ERR("buffer too small for In-Reply-To header\n"); + rv.len -= nl.len + name.len + callid->len; return &rv; } _______________________________________________ Kamailio - Development Mailing List -- [email protected] To unsubscribe send an email to [email protected] Important: keep the mailing list in the recipients, do not reply only to the sender!
