Module: kamailio Branch: 4.4 Commit: 77706a1f45ce83e43c04883a230a41d0a10b70d1 URL: https://github.com/kamailio/kamailio/commit/77706a1f45ce83e43c04883a230a41d0...
Author: Lucian Balaceanu lucian.balaceanu@1and1.ro Committer: Lucian Balaceanu lucian.balaceanu@1and1.ro Date: 2018-10-30T10:44:11+02:00
pdb: fix SIGABRT in case of too long uris
Kudos for this one go to Verena Kahmann. buf in pdb_msg_dbg should correctly accommodate the pdb_bdy size; pdb_hdr + pdb_bdy should add up to pdb_hdr.length (max 255).
---
Modified: modules/pdb/common.h Modified: modules/pdb/pdb.c
---
Diff: https://github.com/kamailio/kamailio/commit/77706a1f45ce83e43c04883a230a41d0... Patch: https://github.com/kamailio/kamailio/commit/77706a1f45ce83e43c04883a230a41d0...
---
diff --git a/modules/pdb/common.h b/modules/pdb/common.h
index cd4932958b..026c8bc488 100644
--- a/modules/pdb/common.h
+++ b/modules/pdb/common.h
@@ -41,7 +41,8 @@
 #define OTHER_CARRIERID 1000
 #define MAX_CARRIERID 1000
 #define NULL_CARRIERID -1001
-#define PAYLOADSIZE 256
+/* hdr size + PAYLOADSIZE must add to 255 (uint8_t pdb_hdr.length) */
+#define PAYLOADSIZE 249
#define IS_VALID_PDB_CARRIERID(id) ((id>=MIN_PDB_CARRIERID) && (id<=MAX_PDB_CARRIERID))
diff --git a/modules/pdb/pdb.c b/modules/pdb/pdb.c
index 6feb3098c2..9ea05d34d6 100644
--- a/modules/pdb/pdb.c
+++ b/modules/pdb/pdb.c
@@ -160,7 +160,7 @@ static struct server_list_t *server_list;
 /* debug function for the new client <-> server protocol */
 static void pdb_msg_dbg(struct pdb_msg msg, char *dbg_msg) {
 int i;
- char buf[PAYLOADSIZE];
+ char buf[PAYLOADSIZE*3+1];
 char *ptr = buf;
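Review bot: In modules/pdb/common.h the new `PAYLOADSIZE 249` hard-codes the result of 255 minus the header size, and only the comment ties the two together. If struct pdb_hdr (not shown in this hunk) ever changes size or packing, the constant goes stale silently and the uint8_t `hdr.length` can no longer represent a full message. Consider enforcing the invariant at compile time next to the struct definitions, e.g. `_Static_assert(sizeof(struct pdb_hdr) + PAYLOADSIZE <= 255, "pdb_msg must fit in uint8_t hdr.length");`, or the project's equivalent if C11 is not available on this branch.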
for (i = 0; i < msg.hdr.length - sizeof(msg.hdr); i++) {
@@ -279,7 +279,7 @@ static int pdb_query(struct sip_msg *_msg, struct multiparam_t *_number, struct
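Review bot: The loop bound in pdb_msg_dbg, `msg.hdr.length - sizeof(msg.hdr)`, is evaluated as an unsigned size_t, so a message whose length field is smaller than the header wraps to a huge count and the dump runs past both the payload and the enlarged `buf`. The new `PAYLOADSIZE*3+1` size only covers the upper end, assuming the loop body (outside this hunk) emits three characters per payload byte plus a terminator. If this function is also called on replies received from the pdb server, the length is peer-controlled, so a guard before the loop is worth adding: `if (msg.hdr.length < sizeof(msg.hdr) || msg.hdr.length - sizeof(msg.hdr) > PAYLOADSIZE) return;`. The function body continues outside the hunk.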
/* prepare request */
 reqlen = number.len + 1; /* include null termination */
- if (reqlen > sizeof(struct pdb_bdy)) {
+ if (reqlen > PAYLOADSIZE) {
 LM_ERR("number too long '%.*s'.\n", number.len, number.s);
 return -1;
 }
@@ -319,6 +319,7 @@ static int pdb_query(struct sip_msg *_msg, struct multiparam_t *_number, struct
 break;
 }
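Review bot: The rejection path in pdb_query still logs the whole over-long number with `'%.*s'`, so a request carrying a very long URI (presumably caller-supplied, going by the commit title) writes that many unvalidated bytes to the log on every attempt. Logging the length and the limit is enough to diagnose the rejection, e.g. `LM_ERR("number too long (%d bytes, max %d).\n", number.len, PAYLOADSIZE - 1);`. pdb_query starts and ends outside this hunk.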
+ memset(&msg,0,sizeof(struct pdb_msg));
 /* wait for response */
 for (;;) {
 if (gettimeofday(&tnow, NULL) != 0) {
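Review bot: The added `memset` in pdb_query has no comment saying why `msg` must be cleared before the receive loop, and the size is spelled as the type rather than the object. Assuming `msg` is the same buffer that carried the request (not visible in this hunk), a one-line comment such as `/* clear the request so a short or missing reply is not parsed against stale header/payload bytes */` would record the intent, and `memset(&msg, 0, sizeof(msg));` keeps the size tied to the variable. The receive code outside this hunk should still compare the number of bytes received with `hdr.length` before the message is dumped or parsed.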