Module: kamailio Branch: 5.0 Commit: 7b20199f3e45331e4c02a314f0184dc0690c5bca URL: https://github.com/kamailio/kamailio/commit/7b20199f3e45331e4c02a314f0184dc0...
Author: Nacho Garcia Segovia nacho.gs@zaleos.net Committer: Victor Seva linuxmaniac@torreviejawireless.org Date: 2018-12-07T12:02:36+01:00
core: fixed segmentation fault when handling multipart bodies
Function check_boundaries() in msg_translator.c not handling property the length of the buffers when it needs to repair the boundary, getting a negative lenght and causing a segmentation fault.
(cherry picked from commit 18e485a3172055fa5c808c2423629d5bbd10b37e)
---
Modified: src/core/msg_translator.c
---
Diff: https://github.com/kamailio/kamailio/commit/7b20199f3e45331e4c02a314f0184dc0... Patch: https://github.com/kamailio/kamailio/commit/7b20199f3e45331e4c02a314f0184dc0...
---
diff --git a/src/core/msg_translator.c b/src/core/msg_translator.c index 8bcae89702..54ed42b903 100644 --- a/src/core/msg_translator.c +++ b/src/core/msg_translator.c @@ -1835,10 +1835,10 @@ int check_boundaries(struct sip_msg *msg, struct dest_info *send_info) tmp.len = get_line(lb_t->s); if(tmp.len!=b.len || strncmp(b.s, tmp.s, b.len)!=0) { - LM_DBG("malformed bondary in the middle\n"); + LM_DBG("malformed boundary in the middle\n"); memcpy(pb, b.s, b.len); body.len = body.len + b.len; pb = pb + b.len; - t = lb_t->s.s - (lb_t->s.s + tmp.len); + t = lb_t->next->s.s - (lb_t->s.s + tmp.len); memcpy(pb, lb_t->s.s+tmp.len, t); pb = pb + t; /*LM_DBG("new chunk[%d][%.*s]\n", t, t, pb-t);*/ }
-
Victor Seva