Module: sip-router Branch: luismartingil/msrp_crash Commit: 23ad1fb98941507338edba7136327896033ed18f URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=23ad1fb9...
Author: Luis Martin Gil martingil.luis@gmail.com Committer: Luis Martin Gil martingil.luis@gmail.com Date: Wed Apr 16 14:55:35 2014 +0000
msrp: improved parser
- msrp parser patched so Kamailio doesn't crash when receiving non-rfc4975 compliant msrp messages
---
modules/msrp/msrp_parser.c | 31 ++++++++++++++++++++++++++++++- 1 files changed, 30 insertions(+), 1 deletions(-)
diff --git a/modules/msrp/msrp_parser.c b/modules/msrp/msrp_parser.c index d7a2ced..8df1a92 100644 --- a/modules/msrp/msrp_parser.c +++ b/modules/msrp/msrp_parser.c @@ -81,7 +81,7 @@ int msrp_parse_frame(msrp_frame_t *mf) } if(msrp_parse_headers(mf)<0) { - LM_ERR("unable to parse first line\n"); + LM_ERR("unable to parse headers\n"); return -1; } return 0; @@ -221,6 +221,10 @@ int msrp_parse_headers(msrp_frame_t *mf) msrp_hdr_t *hdr; msrp_hdr_t *last;
+ int fpath = 0; /* From path set */ + int tpath = 0; /* To path set */ + int any = 0; /* Any header set */ + /* already parsed?!? */ if(mf->headers != NULL) return 0; @@ -291,12 +295,37 @@ int msrp_parse_headers(msrp_frame_t *mf) } msrp_hdr_set_type(hdr); + if (hdr->htype == MSRP_HDR_TO_PATH) { + tpath = 1; + if (fpath || any) { + LM_ERR("broken msrp frame message, To-Path must be the first header.\n"); + return -1; + } + } else if (hdr->htype == MSRP_HDR_FROM_PATH) { + fpath = 1; + if (!tpath || any) { + LM_ERR("broken msrp frame message, From-Path must be the second header.\n"); + return -1; + } + } else { + any = 1; + if (!tpath || !fpath) { + LM_ERR("broken msrp frame message, To-Path and From-Path must be defined before any header.\n"); + return -1; + } + } + LM_DBG("MSRP Header: (%p) [%.*s] [%d] [%.*s]\n", hdr, hdr->name.len, hdr->name.s, hdr->htype, hdr->body.len, hdr->body.s); s = l + 1; }
+ if (!tpath || !fpath) { + LM_ERR("broken msrp frame message, To-Path and From-Path must be defined.\n"); + return -1; + } + ateoh: if(mf->mbody.s!=NULL) {