Module: kamailio Branch: master Commit: 56d1d317e4bac7130586541fed75be670ea0f9ce URL: https://github.com/kamailio/kamailio/commit/56d1d317e4bac7130586541fed75be67...
Author: Daniel-Constantin Mierla miconda@gmail.com Committer: Daniel-Constantin Mierla miconda@gmail.com Date: 2017-07-04T12:00:47+02:00
mtree: access values before safety checks of variables
---
Modified: src/modules/mtree/mtree.c Modified: src/modules/mtree/mtree_mod.c
---
Diff: https://github.com/kamailio/kamailio/commit/56d1d317e4bac7130586541fed75be67... Patch: https://github.com/kamailio/kamailio/commit/56d1d317e4bac7130586541fed75be67...
---
diff --git a/src/modules/mtree/mtree.c b/src/modules/mtree/mtree.c index 433c6b4c50..c4de10c763 100644 --- a/src/modules/mtree/mtree.c +++ b/src/modules/mtree/mtree.c @@ -985,12 +985,13 @@ int mt_rpc_add_tvalues(rpc_t* rpc, void* ctx, m_tree_t *pt, str *tomatch) mt_node_t *itn; mt_is_t *tvalues; void *vstruct = NULL; - str prefix = *tomatch; + str prefix = STR_NULL;
if (pt == NULL || tomatch == NULL || tomatch->s == NULL) { LM_ERR("bad parameters\n"); return -1; } + prefix = *tomatch;
l = 0; itn = pt->head; @@ -1051,7 +1052,7 @@ int mt_rpc_match_prefix(rpc_t* rpc, void* ctx, m_tree_t *it, is_t *tvalue; mt_dw_t *dw; int tprefix_len = 0; - str prefix = *tomatch; + str prefix = STR_NULL; void *vstruct = NULL;
#define MT_MAX_DST_LIST 64 @@ -1063,6 +1064,7 @@ int mt_rpc_match_prefix(rpc_t* rpc, void* ctx, m_tree_t *it, LM_ERR("bad parameters\n"); return -1; } + prefix = *tomatch;
if (rpc->add(ctx, "S", &it->tname) < 0) { rpc->fault(ctx, 500, "Internal error adding tname"); diff --git a/src/modules/mtree/mtree_mod.c b/src/modules/mtree/mtree_mod.c index 9808018840..4ce2786afb 100644 --- a/src/modules/mtree/mtree_mod.c +++ b/src/modules/mtree/mtree_mod.c @@ -764,16 +764,20 @@ static int mt_load_db_trees() { /* check for NULL values ?!?! */ tname.s = (char*)(RES_ROWS(db_res)[i].values[0].val.string_val); - tname.len = strlen(tname.s); - tprefix.s = (char*)(RES_ROWS(db_res)[i].values[1].val.string_val); - tprefix.len = strlen(tprefix.s); - tvalue.s = (char*)(RES_ROWS(db_res)[i].values[2].val.string_val); + + if(tprefix.s==NULL || tvalue.s==NULL || tname.s==NULL) + { + LM_ERR("Error - null fields in db\n"); + continue; + } + + tname.len = strlen(tname.s); + tprefix.len = strlen(tprefix.s); tvalue.len = strlen(tvalue.s);
- if(tprefix.s==NULL || tvalue.s==NULL || tname.s==NULL || - tprefix.len<=0 || tvalue.len<=0 || tname.len<=0) + if(tname.len<=0 || tprefix.len<=0 || tvalue.len<=0) { LM_ERR("Error - bad values in db\n"); continue;