urtho commented on this pull request.
+ return -1;
+ }
+ dsize = sizeof(async_task_t) + sizeof(async_task_param_t) + sizeof(async_ms_item_t);
+
+ at = (async_task_t *)shm_malloc(dsize);
+ if(at == NULL) {
+ LM_ERR("no more shm memory\n");
+ return -1;
+ }
+ memset(at, 0, dsize);
+ at->param = (char *)at + sizeof(async_task_t);
+ atp = (async_task_param_t *)at->param;
+ ai = (async_ms_item_t *) ((char *)at + sizeof(async_task_t) +
sizeof(async_task_param_t));
+ ai->at = at;
+
+ if(cbname && cbname->len>=ASYNC_CBNAME_SIZE-1) {
The allocation is done too early. Moving it past all the input and transaction validation.
https://github.com/kamailio/kamailio/pull/2016#discussion_r307996641