Module: kamailio
Branch: 5.0
Commit: 7931da0ca46626d7bb06c631e0be012f9ee8d3ea
URL:
https://github.com/kamailio/kamailio/commit/7931da0ca46626d7bb06c631e0be012…
Author: Henning Westerholt <hw(a)kamailio.org>
Committer: Henning Westerholt <hw(a)skalatan.de>
Date: 2019-04-03T23:24:45+02:00
topoh: improve checks for via header processing
(cherry picked from commit 78ccdb7ff1ebc34748092fe01ff249f5eeb661c8)
---
Modified: src/modules/topoh/th_mask.c
Modified: src/modules/topoh/th_msg.c
---
Diff:
https://github.com/kamailio/kamailio/commit/7931da0ca46626d7bb06c631e0be012…
Patch:
https://github.com/kamailio/kamailio/commit/7931da0ca46626d7bb06c631e0be012…
---
diff --git a/src/modules/topoh/th_mask.c b/src/modules/topoh/th_mask.c
index 2c0d1aa24f..fce9255f20 100644
--- a/src/modules/topoh/th_mask.c
+++ b/src/modules/topoh/th_mask.c
@@ -141,6 +141,12 @@ char* th_mask_decode(char *in, int ilen, str *prefix, int extra, int
*olen)
*olen = (((ilen-((prefix!=NULL&&prefix->len>0)?prefix->len:0)) * 6)
>> 3)
- n;
+
+ if (*olen<=0) {
+ LM_ERR("invalid olen parameter calculated, can't continue %d\n", *olen);
+ return NULL;
+ }
+
out = (char*)pkg_malloc((*olen+1+extra)*sizeof(char));
if(out==NULL)
diff --git a/src/modules/topoh/th_msg.c b/src/modules/topoh/th_msg.c
index c2c1ee6e32..f0c3420309 100644
--- a/src/modules/topoh/th_msg.c
+++ b/src/modules/topoh/th_msg.c
@@ -411,7 +411,7 @@ int th_unmask_via(sip_msg_t *msg, str *cookie)
else
out.s = th_mask_decode(vp->value.s, vp->value.len,
&th_vparam_prefix, 0, &out.len);
- if(out.s==NULL)
+ if(out.s==NULL || out.len<=0)
{
LM_ERR("cannot decode via %d\n", i);
return -1;
@@ -945,7 +945,12 @@ int th_add_via_cookie(sip_msg_t *msg, struct via_body *via)
if (via->params.s) {
viap = via->params.s - via->hdr.s - 1;
} else {
- viap = via->host.s - via->hdr.s + via->host.len;
+ if (via->host.s) {
+ viap = via->host.s - via->hdr.s + via->host.len;
+ } else {
+ LM_ERR("no via parameter and no via host, can't insert cookie\n");
+ return -1;
+ }
if (via->port!=0)
viap += via->port_str.len + 1; /* +1 for ':'*/
}