Module: kamailio Branch: 5.7 Commit: 49135f37d94aaf49a1c6b6a47bdc5a80bd3e5028 URL: https://github.com/kamailio/kamailio/commit/49135f37d94aaf49a1c6b6a47bdc5a8… Author: Daniel-Constantin Mierla <miconda(a)gmail.com> Committer: Daniel-Constantin Mierla <miconda(a)gmail.com> Date: 2024-05-07T17:31:14+02:00 core: parser/contact - add limit for max number of contacts - defined to 256 (cherry picked from commit d6b0beb5a219ae57a62e9e7201a6ec1fe66e5a96) (cherry picked from commit 5b97d29f1bbac2656eba506c7fd94b412dfb9b7f) --- Modified: src/core/parser/contact/contact.c --- Diff: https://github.com/kamailio/kamailio/commit/49135f37d94aaf49a1c6b6a47bdc5a8… Patch: https://github.com/kamailio/kamailio/commit/49135f37d94aaf49a1c6b6a47bdc5a8… --- diff --git a/src/core/parser/contact/contact.c b/src/core/parser/contact/contact.c index 3c66a2082b0..56a37af1785 100644 --- a/src/core/parser/contact/contact.c +++ b/src/core/parser/contact/contact.c @@ -209,6 +209,8 @@ static inline int skip_name(str *_s) } +#define KSR_MAX_CONTACTS 256 + /* * Parse contacts in a Contact HF */ @@ -217,9 +219,11 @@ int parse_contacts(str *_s, contact_t **_c) contact_t *c; param_hooks_t hooks; str sv; + int n; sv = *_s; + n = 0; while(1) { /* Allocate and clear contact structure */ c = (contact_t *)pkg_malloc(sizeof(contact_t)); @@ -261,7 +265,6 @@ int parse_contacts(str *_s, contact_t **_c) LM_ERR("invalid contact uri\n"); goto error; } - if(_s->len == 0) goto ok; @@ -301,7 +304,12 @@ int parse_contacts(str *_s, contact_t **_c) c->next = *_c; *_c = c; c = NULL; + n++; + if(n > KSR_MAX_CONTACTS) { + LM_ERR("too many contacts: %d\n", n); + return -1; + } if(_s->len == 0) { LM_ERR("text after comma missing\n"); goto error;