[sr-dev] git:master:d7e42cee: modules/ims_registrar_scscf: fixed segfault on multiple impu when building notify

12 Feb 2016

Module: kamailio
Branch: master
Commit: d7e42ceef76e66b06d97159e71043fd552a29e8c
URL: https://github.com/kamailio/kamailio/commit/d7e42ceef76e66b06d97159e71043fd…

Author: jaybeepee &lt;jason.penton(a)gmail.com&gt;
Committer: jaybeepee &lt;jason.penton(a)gmail.com&gt;
Date: 2016-02-12T20:48:14+02:00

modules/ims_registrar_scscf: fixed segfault on multiple impu when building notify
    - also reported and fixed by Dragos Oancea

---

Modified: modules/ims_registrar_scscf/registrar_notify.c

---

Diff: 
https://github.com/kamailio/kamailio/commit/d7e42ceef76e66b06d97159e71043fd…
Patch:
https://github.com/kamailio/kamailio/commit/d7e42ceef76e66b06d97159e71043fd…

---

diff --git a/modules/ims_registrar_scscf/registrar_notify.c
b/modules/ims_registrar_scscf/registrar_notify.c
index df1f0b1..70eb978 100644
--- a/modules/ims_registrar_scscf/registrar_notify.c
+++ b/modules/ims_registrar_scscf/registrar_notify.c
@@ -2006,9 +2006,9 @@ reg_notification * new_notification(str subscription_state,
     char *p;
 
     len = sizeof (reg_notification) + r->call_id.len + r->from_tag.len +
r->to_tag.len + r->watcher_uri.len + r->watcher_contact.len +
-            r->record_route.len + r->sockinfo_str.len + r->presentity_uri.len +
subscription_state.len + content_type.len + (num_impus*sizeof(str)); // + buf.len;
+            r->record_route.len + r->sockinfo_str.len + r->presentity_uri.len +
subscription_state.len + content_type.len + (num_impus)*sizeof(str); // + buf.len;
     for (i=0; i<num_impus; i++) {
-        len += impus[i]->len;
+        len += (*impus)[i].len;
     }
 
     LM_DBG("Creating new notification");
@@ -2084,13 +2084,13 @@ reg_notification * new_notification(str subscription_state,
     p += content_type.len;
     LM_DBG("Notification content type: [%.*s]", n->content_type.len,
n->content_type.s);
 
-    n->impus = p;
+    n->impus = (str*)p;
     p += sizeof(str)*num_impus;
     for (i=0; i<num_impus; i++) {
         n->impus[i].s = p;
-        memcpy(p, impus[i]->s, impus[i]->len);
-        n->impus[i].len = impus[i]->len;
-        p += impus[i]->len;
+        memcpy(p, (*impus)[i].s, (*impus)[i].len);
+        n->impus[i].len = (*impus)[i].len;
+        p += (*impus)[i].len;
     }
     n->num_impus = num_impus;
     



    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

[sr-dev] git:master:d7e42cee: modules/ims_registrar_scscf: fixed segfault on multiple impu when building notify