Module: sip-router
Branch: master
Commit: 9fc34aad6328a92b7572ae077d9ff4d2699dbb48
URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=9fc34aad...

Author: Alex Balashov abalashov@evaristesys.com
Committer: Alex Balashov abalashov@evaristesys.com
Date: Sun Aug 5 08:22:12 2012 -0400

core: Added null pointer check to parser/msg_parser.c:get_hdr_field().
Encountered crash bug in which 'buf' pointer passed to get_hdr_field() was null. There is no null check, so attempts to dereference it lead to a crash:

Core was generated by `/usr/local/sbin/kamailio -P /var/run/kamailio.pid -m 1024 -u root -g root -f /r'.
Program terminated with signal 11, Segmentation fault.
at parser/msg_parser.c:102
102 if ((*buf)=='\n' || (*buf)=='\r'){

Fixed by adding a check for buf == NULL to top of function.
---
parser/msg_parser.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/parser/msg_parser.c b/parser/msg_parser.c index 803ee07..b279e47 100644 --- a/parser/msg_parser.c +++ b/parser/msg_parser.c @@ -96,6 +96,11 @@ char* get_hdr_field(char* const buf, char* const end, struct hdr_field* const hd int integer, err; unsigned uval;
+ if(!buf) { + DBG("null buffer pointer\n"); + goto error; + } + if ((*buf)=='\n' || (*buf)=='\r'){ /* double crlf or lflf or crcr */ DBG("found end of header\n");
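
Review bot: the `goto error` in the new `if(!buf)` block runs before the function has assigned any of its locals, and the `error` label is outside the visible context, so please confirm that path does not read a local that is only set later in the function or compute anything from `hdr` that assumes parsing had started. Two smaller points on the same block: a NULL `buf` means a caller handed the parser an invalid buffer, so logging it with `DBG("null buffer pointer\n")` will hide the condition at normal log levels; an error-level message that names the function would make the offending caller easier to find. The check also covers only NULL: the following `(*buf)=='\n'` still dereferences `buf` without comparing it against `end`, so a caller that passes `buf == end` is not caught here. The commit message does not say which caller passed the null pointer; fixing or at least identifying that call site would address the cause rather than only the crash.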