You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.
Hi Carsten,
I am on 5.1. I did a simpler version there.
diff --git a/src/modules/ims_registrar_scscf/lookup.c b/src/modules/ims_registrar_scscf/lookup.c
index 548944020..43d83194e 100644
--- a/src/modules/ims_registrar_scscf/lookup.c
+++ b/src/modules/ims_registrar_scscf/lookup.c
@@ -69,8 +69,9 @@ int lookup(struct sip_msg* _m, udomain_t* _d, char* ue_type_c) {
flag_t old_bflags;
int i = 0;
int ue_type; /*0=any, 1=3gpp, 2=sip */
- impu_contact_t *impucontact;
-
+ impu_contact_t *impucontact;
+ char aor_buf[1024];
+
if (!_m) {
LM_ERR("NULL message!!!\n");
return -1;
@@ -94,6 +95,13 @@ int lookup(struct sip_msg* _m, udomain_t* _d, char* ue_type_c) {
if (_m->new_uri.s) aor = _m->new_uri;
else aor = _m->first_line.u.request.uri;
+ if (aor.len > sizeof(aor_buf)) {
+ LM_ERR("AOR is too long\n");
+ return -1;
+ }
+ memcpy(aor_buf, aor.s, aor.len);
+ aor.s = aor_buf;
+
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.