Module: kamailio Branch: master Commit: 6d46ec71f941b9db9c06c6c2edac14fc9f3d1074 URL: https://github.com/kamailio/kamailio/commit/6d46ec71f941b9db9c06c6c2edac14f… Author: Daniel-Constantin Mierla &lt;miconda(a)gmail.com&gt; Committer: Daniel-Constantin Mierla &lt;miconda(a)gmail.com&gt; Date: 2021-04-11T09:09:24+02:00 core: dns - safety checks for port and proto --- Modified: src/core/dns_cache.c Modified: src/core/resolve.c --- Diff: https://github.com/kamailio/kamailio/commit/6d46ec71f941b9db9c06c6c2edac14f… Patch: https://github.com/kamailio/kamailio/commit/6d46ec71f941b9db9c06c6c2edac14f… --- diff --git a/src/core/dns_cache.c b/src/core/dns_cache.c index 7dbde8f378..58247265eb 100644 --- a/src/core/dns_cache.c +++ b/src/core/dns_cache.c @@ -3011,25 +3011,30 @@ inline static int dns_srv_resolve_ip(struct dns_srv_handle* h, { int ret; str host; + unsigned short vport; host.len=0; host.s=0; + if(port) vport =*port; + else vport = 0; + do{ if (h->a==0){ #ifdef DNS_SRV_LB if ((ret=dns_srv_resolve_nxt(&h->srv, (flags & DNS_SRV_RR_LB)?&h->srv_tried_rrs:0, &h->srv_no, - name, &host, port))<0) + name, &host, &vport))<0) goto error; #else if ((ret=dns_srv_resolve_nxt(&h->srv, &h->srv_no, - name, &host, port))<0) + name, &host, &vport))<0) goto error; #endif - h->port=*port; /* store new port */ + h->port=vport; /* store new port */ + if(port) *port=vport; }else{ - *port=h->port; /* return the stored port */ + if(port) *port=h->port; /* return the stored port */ } if ((ret=dns_ip_resolve(&h->a, &h->ip_no, &host, ip, flags))<0){ /* couldn't find any good ip for this record, try the next one */ @@ -3257,6 +3262,7 @@ inline static int dns_naptr_sip_resolve(struct dns_srv_handle* h, str* name, char n_proto, origproto; str srv_name; int ret; + int res; int try_lookup_naptr = 0; ret=-E_DNS_NO_NAPTR; @@ -3302,7 +3308,7 @@ inline static int dns_naptr_sip_resolve(struct dns_srv_handle* h, str* name, if (!try_lookup_naptr) { if(proto) *proto=origproto; - int res = dns_srv_sip_resolve(h, name, ip, port, proto, flags); + res = dns_srv_sip_resolve(h, name, ip, port, proto, flags); if (res) { mark_skip_current_naptr(e->rr_lst, h->srv); if (have_more_active_naptr(e->rr_lst)) { @@ -3324,8 +3330,8 @@ inline static int dns_naptr_sip_resolve(struct dns_srv_handle* h, str* name, LM_DBG("(%.*s, %d, %d), srv0, ret=%d\n", name->len, name->s, h->srv_no, h->ip_no, ret); dns_hash_put(e); - *proto=n_proto; - h->proto=*proto; + if(proto) *proto=n_proto; + h->proto=n_proto; return ret; } } @@ -4130,7 +4136,9 @@ static struct dns_hash_entry *dns_cache_clone_entry(struct dns_hash_entry *e, new_rr->rdata = (void*)((char*)new_rr+rr_size); new_rr->expire = now + S_TO_TICKS(ttl); /* link the rr to the previous one */ - last_rr->next = new_rr; + if(last_rr) { + last_rr->next = new_rr; + } /* fix the total_size and expires values */ new->total_size=rounded_size+rr_size+rdata_size; @@ -4396,7 +4404,7 @@ int dns_cache_add_record(unsigned short type, if (*rr_iter != new_rr->next) { /* unlink rr from the list */ - *rr_p = (*rr_p)->next; + *rr_p = (*rr_p)?(*rr_p)->next:NULL; /* link it before *rr_iter */ new_rr->next = *rr_iter; *rr_iter = new_rr; diff --git a/src/core/resolve.c b/src/core/resolve.c index 928f6af3c5..deb20a740c 100644 --- a/src/core/resolve.c +++ b/src/core/resolve.c @@ -1261,7 +1261,7 @@ struct hostent* srv_sip_resolvehost(str* name, int zt, unsigned short* port, if (is_srv){ /* skip directly to srv resolving */ srv_proto=(proto)?*proto:0; - *port=(srv_proto==PROTO_TLS)?SIPS_PORT:SIP_PORT; + if(port) *port=(srv_proto==PROTO_TLS)?SIPS_PORT:SIP_PORT; if (zt){ srv_target=name->s; /* name.s must be 0 terminated in this case */