Hello,
while investigating https://github.com/kamailio/kamailio/issues/212, I noticed some potential issues in http_query() from the utils module. Not being the developer and not having used this function much myself so far, I wanted to get others to review my remarks.
1) At line 168 in modules/utils/functions.c, download_size is obtained via a CURL option and it is used in the following lines as the size of stream.buf, which is allocated with pkg, but set to have the size stream.curr_size. To me it doesn't look safe to use download_size as the limit to walk through stream.buf.
2) The same goes for setting the value of the PV: when CRLF is not found, download_size is used.
3) In write_function(), it seems that for successive calls of the function one extra byte is added to the size. It is intended for keeping the ending '\0', but once should be enough. It could be harmless (a few extra bytes allocated when not really needed), but it is important to know that the actual value is up to stream.pos+1 (to include the '\0'), not up to stream.curr_size.
Are those above valid, or did I miss something?
Cheers, Daniel
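
The three remarks above can be seen together in a small accumulator. This is an added example, not code from the Kamailio utils module: `http_stream_t`, `stream_write()` and `first_line_len()` are hypothetical names, `realloc()` stands in for pkg memory, and the response chunks are constructed. The callback reserves exactly one byte for the terminator, and the line scan is bounded by the bytes actually stored rather than by a size reported elsewhere.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical accumulator; the module's own stream uses pkg memory. */
typedef struct {
    char  *buf;   /* body received so far, always NUL-terminated */
    size_t pos;   /* bytes of body stored, excluding the '\0' */
    size_t cap;   /* bytes allocated; >= pos + 1 once buf is set */
} http_stream_t;

/* Same signature as a libcurl CURLOPT_WRITEFUNCTION callback. */
size_t stream_write(char *ptr, size_t size, size_t nmemb, void *userdata)
{
    http_stream_t *s = userdata;
    if (size != 0 && nmemb > SIZE_MAX / size) return 0;  /* size*nmemb wraps */
    size_t n = size * nmemb;
    if (n > SIZE_MAX - s->pos - 1) return 0;             /* pos+n+1 wraps */
    size_t need = s->pos + n + 1;   /* one terminator in total, not per call */
    if (need > s->cap) {
        char *nb = realloc(s->buf, need);
        if (nb == NULL) return 0;   /* returning != n makes the transfer fail */
        s->buf = nb;
        s->cap = need;
    }
    memcpy(s->buf + s->pos, ptr, n);
    s->pos += n;
    s->buf[s->pos] = '\0';
    return n;
}

/* First-line length, bounded by s->pos; falls back to s->pos without '\n'. */
size_t first_line_len(const http_stream_t *s)
{
    if (s->buf == NULL) return 0;
    const char *nl = memchr(s->buf, '\n', s->pos);
    size_t len = nl ? (size_t)(nl - s->buf) : s->pos;
    if (nl && len > 0 && s->buf[len - 1] == '\r') len--;  /* strip CR of CRLF */
    return len;
}

int main(void)
{
    http_stream_t s = {0};
    stream_write("HTTP ", 1, 5, &s);        /* constructed chunk 1 */
    stream_write("OK\r\nbody", 1, 8, &s);   /* constructed chunk 2 */
    printf("stored=%zu cap=%zu first_line=%zu\n", s.pos, s.cap, first_line_len(&s));
    free(s.buf);
    return 0;
}
```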