Module: sip-router
Branch: kamailio_3.0
Commit: 12894357413fe9fc91fc115d28d7fd523c1955f6
URL: http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=12894357...
Author: Marius Zbihlei marius.zbihlei@1and1.ro
Committer: Marius Zbihlei marius.zbihlei@1and1.ro
Date: Fri Jul 23 11:32:25 2010 +0300
modules_k/pv: Fixed a bug in pv transformation (tobody transformation) that caused a segmentation fault.
The bug was caused by incorrect error handling of the parse_to() method (defined in parser/parse_to.c). The function returns a char* (pointer to the last character parsed); in case of error it updates an error status. On incorrect to params, a segmentation fault happened after some time (because of a double pkg_free).
(cherry picked from commit e7096bf24310b71623520a3b963ddc50c111827c)
---
modules_k/pv/pv_trans.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/modules_k/pv/pv_trans.c b/modules_k/pv/pv_trans.c index d9120de..f8e7347 100644 --- a/modules_k/pv/pv_trans.c +++ b/modules_k/pv/pv_trans.c @@ -950,7 +950,8 @@ int tr_eval_tobody(struct sip_msg *msg, tr_param_t *tp, int subtype, /* parse params */ sv = _tr_tobody_str; - if (parse_to(sv.s, sv.s + sv.len + 2, &_tr_tobody)<0) + parse_to(sv.s, sv.s + sv.len + 2, &_tr_tobody); + if (_tr_tobody.error == PARSE_ERROR) { memset(&_tr_tobody, 0, sizeof(struct to_body)); pkg_free(_tr_tobody_str.s);
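Review bot: in tr_eval_tobody(), the new test `_tr_tobody.error == PARSE_ERROR` reads a field of what appears to be a module-level struct, and nothing visible in the hunk clears `_tr_tobody` before `parse_to()` runs, so the check is only sound if parse_to() writes `error` on every return path. Either zero the struct (or at least set `error`) immediately before the call, or add a comment stating that parse_to() guarantees it. A one-line comment on why the char* return value is now ignored would also help, since the old `<0` comparison on a pointer could never be true and the next reader may be tempted to restore a return-value check. Finally, the error branch calls `pkg_free(_tr_tobody_str.s)`; since the commit message attributes the crash to a double pkg_free, please confirm the lines that follow reset `_tr_tobody_str.s` and its length so the cached buffer cannot be freed or reused on the next evaluation.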