Module: kamailio
Branch: master
Commit: 20a75004d53a06da0f22b11804a4d83496ad8919
URL:
https://github.com/kamailio/kamailio/commit/20a75004d53a06da0f22b11804a4d83…
Author: Alexander Couzens <lynxis(a)fe80.eu>
Committer: Henning Westerholt <hw(a)gilawa.com>
Date: 2024-04-29T19:27:15+02:00
ims_registrar_scscf: fix uninitialized arguments in save()
The script "save" command can be used with different arguments:
2, 3 and 4.
But internally for all save() calls the exact same function is use, w_save().
When calling save("PRE_REG_SAR_REPLY","location"); as given by the
examples,
kamailio will call w_save().
Because the command code will cast the function pointer, the w_save() function
is called with 2 uninitialized arguments *mode, *c_flags.
mode is unused, seems a legacy argument. c_flags is referenced resulting in a crash
if not null.
Use separate wrapper functions to handle different argument number.
Fixes: a627c9a04a74 ("ims_registrar_scscf: Extend save() with optional flag")
---
Modified: src/modules/ims_registrar_scscf/ims_registrar_scscf_mod.c
---
Diff:
https://github.com/kamailio/kamailio/commit/20a75004d53a06da0f22b11804a4d83…
Patch:
https://github.com/kamailio/kamailio/commit/20a75004d53a06da0f22b11804a4d83…
---
diff --git a/src/modules/ims_registrar_scscf/ims_registrar_scscf_mod.c
b/src/modules/ims_registrar_scscf/ims_registrar_scscf_mod.c
index 07403a2b1e6..d17b5e38823 100644
--- a/src/modules/ims_registrar_scscf/ims_registrar_scscf_mod.c
+++ b/src/modules/ims_registrar_scscf/ims_registrar_scscf_mod.c
@@ -131,7 +131,9 @@ struct _pv_req_data _pv_treq;
static int mod_init(void);
static int child_init(int);
static void mod_destroy(void);
-static int w_save(
+static int w_save2(struct sip_msg *_m, char *_route, char *_d);
+static int w_save3(struct sip_msg *_m, char *_route, char *_d, char *mode);
+static int w_save4(
struct sip_msg *_m, char *_route, char *_d, char *mode, char *_cflags);
static int w_assign_server_unreg(
struct sip_msg *_m, char *_route, char *_d, char *_direction);
@@ -231,11 +233,11 @@ static pv_export_t mod_pvs[] = {
* Exported functions
*/
static cmd_export_t cmds[] = {
- {"save", (cmd_function)w_save, 2, assign_save_fixup3_async, 0,
+ {"save", (cmd_function)w_save2, 2, assign_save_fixup3_async, 0,
REQUEST_ROUTE | ONREPLY_ROUTE},
- {"save", (cmd_function)w_save, 3, assign_save_fixup3_async, 0,
+ {"save", (cmd_function)w_save3, 3, assign_save_fixup3_async, 0,
REQUEST_ROUTE | ONREPLY_ROUTE},
- {"save", (cmd_function)w_save, 4, save_fixup3, free_uint_fixup,
+ {"save", (cmd_function)w_save4, 4, save_fixup3, free_uint_fixup,
REQUEST_ROUTE | ONREPLY_ROUTE},
{"lookup", (cmd_function)w_lookup, 1, domain_fixup, 0,
REQUEST_ROUTE | FAILURE_ROUTE},
@@ -677,9 +679,21 @@ AAAMessage *callback_cdp_request(AAAMessage *request, void *param)
/*! \brief
* Wrapper to save(location)
*/
-static int w_save(
+static int w_save2(struct sip_msg *_m, char *_route, char *_d)
+{
+ return save(_m, _d, _route, 0);
+}
+
+static int w_save3(struct sip_msg *_m, char *_route, char *_d, char *_mode)
+{
+ /* mode is unsed. Docs says legacy parameter? Maybe to be compatible with
registrar/save? */
+ return save(_m, _d, _route, 0);
+}
+
+static int w_save4(
struct sip_msg *_m, char *_route, char *_d, char *mode, char *_cflags)
{
+ /* mode is unsed. Docs says legacy parameter? Maybe to be compatible with
registrar/save? */
if(_cflags) {
return save(_m, _d, _route, ((int)(*_cflags)));
}