Module: kamailio
Branch: 5.0
Commit: 7b20199f3e45331e4c02a314f0184dc0690c5bca
URL:
https://github.com/kamailio/kamailio/commit/7b20199f3e45331e4c02a314f0184dc…
Author: Nacho Garcia Segovia <nacho.gs(a)zaleos.net>
Committer: Victor Seva <linuxmaniac(a)torreviejawireless.org>
Date: 2018-12-07T12:02:36+01:00
core: fixed segmentation fault when handling multipart bodies
Function check_boundaries() in msg_translator.c not handling property the length of the
buffers when it needs to repair the boundary, getting a negative lenght and causing a
segmentation fault.
(cherry picked from commit 18e485a3172055fa5c808c2423629d5bbd10b37e)
---
Modified: src/core/msg_translator.c
---
Diff:
https://github.com/kamailio/kamailio/commit/7b20199f3e45331e4c02a314f0184dc…
Patch:
https://github.com/kamailio/kamailio/commit/7b20199f3e45331e4c02a314f0184dc…
---
diff --git a/src/core/msg_translator.c b/src/core/msg_translator.c
index 8bcae89702..54ed42b903 100644
--- a/src/core/msg_translator.c
+++ b/src/core/msg_translator.c
@@ -1835,10 +1835,10 @@ int check_boundaries(struct sip_msg *msg, struct dest_info
*send_info)
tmp.len = get_line(lb_t->s);
if(tmp.len!=b.len || strncmp(b.s, tmp.s, b.len)!=0)
{
- LM_DBG("malformed bondary in the middle\n");
+ LM_DBG("malformed boundary in the middle\n");
memcpy(pb, b.s, b.len); body.len = body.len + b.len;
pb = pb + b.len;
- t = lb_t->s.s - (lb_t->s.s + tmp.len);
+ t = lb_t->next->s.s - (lb_t->s.s + tmp.len);
memcpy(pb, lb_t->s.s+tmp.len, t); pb = pb + t;
/*LM_DBG("new chunk[%d][%.*s]\n", t, t, pb-t);*/
}