Module: kamailio Branch: 4.2 Commit: 1e4043f5c7af6204117a8780b0afe5c00b26be28 URL: https://github.com/kamailio/kamailio/commit/1e4043f5c7af6204117a8780b0afe5c… Author: Stefan Mititelu &lt;stefan.mititelu(a)1and1.ro&gt; Committer: Stefan Mititelu &lt;stefan.mititelu(a)1and1.ro&gt; Date: 2015-11-03T16:51:12+02:00 dialog: Sanity checks Add NULL checks for the parse_dlg_rr_param(). Segfault when 'did' parameter was empty in the Route header (e.g. 'did='). (cherry picked from commit 876787d977c46ffcb1288f5eb66e91145cba1061) --- Modified: modules/dialog/dlg_handlers.c --- Diff: https://github.com/kamailio/kamailio/commit/1e4043f5c7af6204117a8780b0afe5c… Patch: https://github.com/kamailio/kamailio/commit/1e4043f5c7af6204117a8780b0afe5c… --- diff --git a/modules/dialog/dlg_handlers.c b/modules/dialog/dlg_handlers.c index 7dc8478..d4eab6a 100644 --- a/modules/dialog/dlg_handlers.c +++ b/modules/dialog/dlg_handlers.c @@ -996,7 +996,29 @@ static inline int parse_dlg_rr_param(char *p, char *end, int *h_entry, int *h_id { char *s; + /* sanity checks */ + if (!p) { + LM_ERR("NULL start of parameter string"); + return -1; + } + + if (!end) { + LM_ERR("NULL end of parameter string"); + return -1; + } + + if (!h_entry) { + LM_ERR("NULL h_entry"); + return -1; + } + + if (!h_id) { + LM_ERR("NULL h_id"); + return -1; + } + for ( s=p ; p<end && *p!=DLG_SEPARATOR ; p++ ); + if (*p!=DLG_SEPARATOR) { LM_ERR("malformed rr param '%.*s'\n", (int)(long)(end-s), s); return -1;