Module: kamailio Branch: 4.1 Commit: cb65228e2509cef518d595cc4737994393f7d51e URL: https://github.com/kamailio/kamailio/commit/cb65228e2509cef518d595cc4737994… Author: Stefan Mititelu &lt;stefan.mititelu(a)1and1.ro&gt; Committer: Stefan Mititelu &lt;stefan.mititelu(a)1and1.ro&gt; Date: 2015-11-03T16:35:21+02:00 dialog: Sanity checks Add NULL checks for the parse_dlg_rr_param(). Segfault when 'did' parameter was empty in the Route header (e.g. 'did='). --- Modified: modules/dialog/dlg_handlers.c --- Diff: https://github.com/kamailio/kamailio/commit/cb65228e2509cef518d595cc4737994… Patch: https://github.com/kamailio/kamailio/commit/cb65228e2509cef518d595cc4737994… --- diff --git a/modules/dialog/dlg_handlers.c b/modules/dialog/dlg_handlers.c index 1991eee..f9a645c 100644 --- a/modules/dialog/dlg_handlers.c +++ b/modules/dialog/dlg_handlers.c @@ -992,7 +992,29 @@ static inline int parse_dlg_rr_param(char *p, char *end, int *h_entry, int *h_id { char *s; + /* sanity checks */ + if (!p) { + LM_ERR("NULL start of parameter string"); + return -1; + } + + if (!end) { + LM_ERR("NULL end of parameter string"); + return -1; + } + + if (!h_entry) { + LM_ERR("NULL h_entry"); + return -1; + } + + if (!h_id) { + LM_ERR("NULL h_id"); + return -1; + } + for ( s=p ; p<end && *p!=DLG_SEPARATOR ; p++ ); + if (*p!=DLG_SEPARATOR) { LM_ERR("malformed rr param '%.*s'\n", (int)(long)(end-s), s); return -1;