[sr-dev] git:master:63095ef1: lib/ims: check return of strtok(...)

Module: kamailio Branch: master Commit: 63095ef1bef36a35952ed265f41d87ccbc1bba70 URL: https://github.com/kamailio/kamailio/commit/63095ef1bef36a35952ed265f41d87c… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2023-02-07T12:57:04+01:00 lib/ims: check return of strtok(...) --- Modified: src/lib/ims/ims_getters.c --- Diff: https://github.com/kamailio/kamailio/commit/63095ef1bef36a35952ed265f41d87c… Patch: https://github.com/kamailio/kamailio/commit/63095ef1bef36a35952ed265f41d87c… --- diff --git a/src/lib/ims/ims_getters.c b/src/lib/ims/ims_getters.c index 1e47e20e3d..1dda5f139b 100644 --- a/src/lib/ims/ims_getters.c +++ b/src/lib/ims/ims_getters.c @@ -1247,12 +1247,13 @@ int cscf_get_p_charging_vector(struct sip_msg *msg, str * icid, str * orig_ioi, LM_DBG("p_charging_vector body is %.*s\n", header_body.len, header_body.s); p = strtok(header_body.s, " ;:\r\t\n\"="); - loop: if (p > (header_body.s + header_body.len)) +loop: + if (p == NULL || p > (header_body.s + header_body.len)) return 1; if (strncmp(p, "icid-value", 10) == 0) { p = strtok(NULL, " ;:\r\t\n\"="); - if (p > (header_body.s + header_body.len)) { + if (p == NULL || p > (header_body.s + header_body.len)) { LM_ERR("cscf_get_p_charging_vector: no value for icid\n"); return 0; } @@ -1272,7 +1273,7 @@ int cscf_get_p_charging_vector(struct sip_msg *msg, str * icid, str * orig_ioi, } else if (strncmp(p, "orig-ioi", 8) == 0) { p = strtok(NULL, " ;:\r\t\n\"="); - if (p > (header_body.s + header_body.len)) { + if (p == NULL || p > (header_body.s + header_body.len)) { LM_ERR("cscf_get_p_charging_vector: no value for icid\n"); return 0; } @@ -1292,7 +1293,7 @@ int cscf_get_p_charging_vector(struct sip_msg *msg, str * icid, str * orig_ioi, } else if (strncmp(p, "term-ioi", 8) == 0) { p = strtok(NULL, " ;:\r\t\n\"="); - if (p > (header_body.s + header_body.len)) { + if (p == NULL || p > (header_body.s + header_body.len)) { LM_ERR("cscf_get_p_charging_vector: no value for icid\n"); return 0; } @@ -1314,7 +1315,7 @@ int cscf_get_p_charging_vector(struct sip_msg *msg, str * icid, str * orig_ioi, LM_DBG("end\n"); str_free(header_body, pkg); return 1; - out_of_memory: +out_of_memory: PKG_MEM_ERROR; return 0; }