Module: kamailio
Branch: 5.2
Commit: 224162d728d50adee8226308d5971fec069e278a
URL:
https://github.com/kamailio/kamailio/commit/224162d728d50adee8226308d5971fe…
Author: Nacho Garcia Segovia <nacho.gs(a)zaleos.net>
Committer: Victor Seva <linuxmaniac(a)torreviejawireless.org>
Date: 2018-12-07T11:56:44+01:00
core: fixed segmentation fault when handling multipart bodies
Function check_boundaries() in msg_translator.c not handling property the length of the
buffers when it needs to repair the boundary, getting a negative lenght and causing a
segmentation fault.
(cherry picked from commit 18e485a3172055fa5c808c2423629d5bbd10b37e)
---
Modified: src/core/msg_translator.c
---
Diff:
https://github.com/kamailio/kamailio/commit/224162d728d50adee8226308d5971fe…
Patch:
https://github.com/kamailio/kamailio/commit/224162d728d50adee8226308d5971fe…
---
diff --git a/src/core/msg_translator.c b/src/core/msg_translator.c
index a272aeb6bc..08e518a9d8 100644
--- a/src/core/msg_translator.c
+++ b/src/core/msg_translator.c
@@ -1838,10 +1838,10 @@ int check_boundaries(struct sip_msg *msg, struct dest_info
*send_info)
tmp.len = get_line(lb_t->s);
if(tmp.len!=b.len || strncmp(b.s, tmp.s, b.len)!=0)
{
- LM_DBG("malformed bondary in the middle\n");
+ LM_DBG("malformed boundary in the middle\n");
memcpy(pb, b.s, b.len); body.len = body.len + b.len;
pb = pb + b.len;
- t = lb_t->s.s - (lb_t->s.s + tmp.len);
+ t = lb_t->next->s.s - (lb_t->s.s + tmp.len);
memcpy(pb, lb_t->s.s+tmp.len, t); pb = pb + t;
/*LM_DBG("new chunk[%d][%.*s]\n", t, t, pb-t);*/
}