Module: kamailio Branch: 5.2 Commit: 224162d728d50adee8226308d5971fec069e278a URL: https://github.com/kamailio/kamailio/commit/224162d728d50adee8226308d5971fec...
Author: Nacho Garcia Segovia nacho.gs@zaleos.net Committer: Victor Seva linuxmaniac@torreviejawireless.org Date: 2018-12-07T11:56:44+01:00
core: fixed segmentation fault when handling multipart bodies
Function check_boundaries() in msg_translator.c not handling property the length of the buffers when it needs to repair the boundary, getting a negative lenght and causing a segmentation fault.
(cherry picked from commit 18e485a3172055fa5c808c2423629d5bbd10b37e)
---
Modified: src/core/msg_translator.c
---
Diff: https://github.com/kamailio/kamailio/commit/224162d728d50adee8226308d5971fec... Patch: https://github.com/kamailio/kamailio/commit/224162d728d50adee8226308d5971fec...
---
diff --git a/src/core/msg_translator.c b/src/core/msg_translator.c index a272aeb6bc..08e518a9d8 100644 --- a/src/core/msg_translator.c +++ b/src/core/msg_translator.c @@ -1838,10 +1838,10 @@ int check_boundaries(struct sip_msg *msg, struct dest_info *send_info) tmp.len = get_line(lb_t->s); if(tmp.len!=b.len || strncmp(b.s, tmp.s, b.len)!=0) { - LM_DBG("malformed bondary in the middle\n"); + LM_DBG("malformed boundary in the middle\n"); memcpy(pb, b.s, b.len); body.len = body.len + b.len; pb = pb + b.len; - t = lb_t->s.s - (lb_t->s.s + tmp.len); + t = lb_t->next->s.s - (lb_t->s.s + tmp.len); memcpy(pb, lb_t->s.s+tmp.len, t); pb = pb + t; /*LM_DBG("new chunk[%d][%.*s]\n", t, t, pb-t);*/ }
-
Victor Seva