git:master:baed515e: core: parse content length - consider multi line header format - sr-dev

6 Sep 2021

Module: kamailio
Branch: master
Commit: baed515e8aed8e5b505ff716eb57d0c60e582632
URL: https://github.com/kamailio/kamailio/commit/baed515e8aed8e5b505ff716eb57d0c6...
Author: Daniel-Constantin Mierla miconda@gmail.com
Committer: Daniel-Constantin Mierla miconda@gmail.com
Date: 2021-09-06T13:01:55+02:00
core: parse content length - consider multi line header format
- safety checks for log message when not parsing the message buffer
---
Modified: src/core/parser/parse_content.c
---
Diff:  https://github.com/kamailio/kamailio/commit/baed515e8aed8e5b505ff716eb57d0c6...
Patch: https://github.com/kamailio/kamailio/commit/baed515e8aed8e5b505ff716eb57d0c6...
---

diff --git a/src/core/parser/parse_content.c b/src/core/parser/parse_content.c
index 007217df96..34cdd40e36 100644
--- a/src/core/parser/parse_content.c
+++ b/src/core/parser/parse_content.c
@@ -219,6 +219,10 @@ char* parse_content_length(char* const buffer, const char* const end,
    int  size;
p = buffer;
+	if(buffer>=end) {
+		LM_ERR("empty input buffer: %p - %p\n", buffer, end);
+		goto error;
+	}
    /* search the begining of the number */
    while ( p<end && (*p==' ' || *p=='\t' ||
    (*p=='\n' && (*(p+1)==' '||*(p+1)=='\t')) ))
@@ -235,20 +239,40 @@ char* parse_content_length(char* const buffer, const char* const end,
    }
    if (p==end || size==0)
    	goto error;
-	/* now we should have only spaces at the end */
-	while ( p<end && (*p==' ' || *p=='\t' ||
-	(*p=='\n' && (*(p+1)==' '||*(p+1)=='\t')) ))
-		p++;
-	if (p==end)
-		goto error;
-	/* the header ends proper? */
-	if ( (*(p++)!='\n') && (*(p-1)!='\r' || *(p++)!='\n' ) )
-		goto error;
+	do {
+		/* only spaces till the end-of-header */
+		while (p<end && (*p==' ' || *p=='\t')) p++;
+		if (p==end)
+			goto error;
+		/* EOH with \n or \r\n */
+		if(*p=='\n') {
+			p++;
+		} else if (p+1<end && *p=='\r' && *(p+1)=='\n') {
+			p += 2;
+		} else {
+			/* no valid EOH */
+			goto error;
+		}
+		if(p<end) {
+			/* multi line header body */
+			if(*p==' ' || *p=='\t') {
+				p++;
+				if (p==end)
+					goto error;
+			} else {
+				break;
+			}
+		}
+	} while(p<end);
*length = number;
    return p;
 error:
-	LM_ERR("parse error near char [%d][%c]\n", *p, *p);
+	if(p<end) {
+		LM_ERR("parse error near char [%d][%c]\n", *p, *p);
+	} else {
+		LM_ERR("parse error over the end of input: %p - %p\n", buffer, end);
+	}
    return 0;
 }

    