6 Sep
2021
6 Sep
'21
2:02 p.m.
Module: kamailio
Branch: master
Commit: baed515e8aed8e5b505ff716eb57d0c60e582632
URL: https://github.com/kamailio/kamailio/commit/baed515e8aed8e5b505ff716eb57d0c…
Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
Committer: Daniel-Constantin Mierla <miconda(a)gmail.com>
Date: 2021-09-06T13:01:55+02:00
core: parse content length - consider multi line header format
- safety checks for log message when not parsing the message buffer
---
Modified: src/core/parser/parse_content.c
---
Diff:
https://github.com/kamailio/kamailio/commit/baed515e8aed8e5b505ff716eb57d0c…
Patch:
https://github.com/kamailio/kamailio/commit/baed515e8aed8e5b505ff716eb57d0c…
---
diff --git a/src/core/parser/parse_content.c b/src/core/parser/parse_content.c
index 007217df96..34cdd40e36 100644
--- a/src/core/parser/parse_content.c
+++ b/src/core/parser/parse_content.c
@@ -219,6 +219,10 @@ char* parse_content_length(char* const buffer, const char* const
end,
int size;
p = buffer;
+ if(buffer>=end) {
+ LM_ERR("empty input buffer: %p - %p\n", buffer, end);
+ goto error;
+ }
/* search the begining of the number */
while ( p<end && (*p==' ' || *p=='\t' ||
(*p=='\n' && (*(p+1)==' '||*(p+1)=='\t')) ))
@@ -235,20 +239,40 @@ char* parse_content_length(char* const buffer, const char* const
end,
}
if (p==end || size==0)
goto error;
- /* now we should have only spaces at the end */
- while ( p<end && (*p==' ' || *p=='\t' ||
- (*p=='\n' && (*(p+1)==' '||*(p+1)=='\t')) ))
- p++;
- if (p==end)
- goto error;
- /* the header ends proper? */
- if ( (*(p++)!='\n') && (*(p-1)!='\r' || *(p++)!='\n' )
)
- goto error;
+ do {
+ /* only spaces till the end-of-header */
+ while (p<end && (*p==' ' || *p=='\t')) p++;
+ if (p==end)
+ goto error;
+ /* EOH with \n or \r\n */
+ if(*p=='\n') {
+ p++;
+ } else if (p+1<end && *p=='\r' && *(p+1)=='\n') {
+ p += 2;
+ } else {
+ /* no valid EOH */
+ goto error;
+ }
+ if(p<end) {
+ /* multi line header body */
+ if(*p==' ' || *p=='\t') {
+ p++;
+ if (p==end)
+ goto error;
+ } else {
+ break;
+ }
+ }
+ } while(p<end);
*length = number;
return p;
error:
- LM_ERR("parse error near char [%d][%c]\n", *p, *p);
+ if(p<end) {
+ LM_ERR("parse error near char [%d][%c]\n", *p, *p);
+ } else {
+ LM_ERR("parse error over the end of input: %p - %p\n", buffer, end);
+ }
return 0;
}
1176
days inactive
1176
days old
0 comments
1 participants
participants (1)
-
Daniel-Constantin Mierla