Module: sip-router
Branch: 4.0
Commit: f934f4ffed51b143570d76a2786f5e490c5ff265
URL:    
http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=f934f4ffed51b143570d76a2786f5e490c5ff265

Author: Daniel-Constantin Mierla <[email protected]>
Committer: Daniel-Constantin Mierla <[email protected]>
Date:   Fri May  2 21:50:14 2014 +0200

dialog: copy dlg var value locally on get operation

- reference to shared memory exposes the risk of accessing an invalid
  pointer if another process updates it
- reported by Dragos Oancea

(cherry picked from commit bb3eed8aabea9f63c9922f71714aea242771db02)
(cherry picked from commit b76eb77a36a5e751d792cb7e0d60f4750976e322)

---

 modules/dialog/dlg_var.c |   18 ++++++++++++++++--
 1 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/modules/dialog/dlg_var.c b/modules/dialog/dlg_var.c
index 0d8a1c7..6e29ac0 100644
--- a/modules/dialog/dlg_var.c
+++ b/modules/dialog/dlg_var.c
@@ -284,6 +284,7 @@ int pv_get_dlg_variable(struct sip_msg *msg, pv_param_t 
*param, pv_value_t *res)
 {
        dlg_cell_t *dlg;
        str * value;
+       str spv;
 
        if (param==NULL || param->pvn.type!=PV_NAME_INTSTR
                        || param->pvn.u.isname.type!=AVP_NAME_STR
@@ -306,6 +307,19 @@ int pv_get_dlg_variable(struct sip_msg *msg, pv_param_t 
*param, pv_value_t *res)
        /* dcm: todo - the value should be cloned for safe usage */
        value = get_dlg_variable_unsafe(dlg, &param->pvn.u.isname.name.s);
 
+       spv.s = NULL;
+       if(value) {
+               spv.len = pv_get_buffer_size();
+               if(spv.len<value->len+1) {
+                       LM_ERR("pv buffer too small (%d) - needed %d\n", 
spv.len, value->len);
+               } else {
+                       spv.s = pv_get_buffer();
+                       strncpy(spv.s, value->s, value->len);
+                       spv.len = value->len;
+                       spv.s[spv.len] = '\0';
+               }
+       }
+
        print_lists(dlg);
 
        /* unlock dialog */
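Review bot: The copy at `strncpy(spv.s, value->s, value->len);` stops at the first NUL byte in the source and zero-fills the remainder, yet `spv.len` is then set to the full `value->len`; for a length-counted `str`, `memcpy(spv.s, value->s, value->len);` copies exactly what the length says. The error log prints `value->len` as the needed size although the check requires `value->len+1`, so the message understates the requirement by one. The `dcm: todo` comment above the lookup is now stale, since this block is the clone it asks for; it could become `/* copy the value into the pv buffer before the dialog is unlocked below */`. The body of pv_get_dlg_variable starts and ends outside this hunk.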
@@ -314,8 +328,8 @@ int pv_get_dlg_variable(struct sip_msg *msg, pv_param_t 
*param, pv_value_t *res)
                dlg_release(dlg);
        }
 
-       if (value)
-               return pv_get_strval(msg, param, res, value);
+       if (spv.s)
+               return pv_get_strval(msg, param, res, &spv);
 
 
        return pv_get_null(msg, param, res);
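Review bot: With the test changed to `if (spv.s)`, a variable that exists but did not fit the pv buffer now falls through to `pv_get_null`, so a config script reading it cannot tell an oversized value from an unset one; only the log line shows the difference. If that fallback is intended, it deserves a comment at the test, for example `/* spv.s stays NULL when the value is missing or did not fit the pv buffer */`. If callers are expected to notice the failure, returning an error on the too-small path may fit better, though the getter's error convention is not visible in this hunk. The function begins outside the hunk.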

