Module: kamailio Branch: master Commit: d6b0beb5a219ae57a62e9e7201a6ec1fe66e5a96 URL: https://github.com/kamailio/kamailio/commit/d6b0beb5a219ae57a62e9e7201a6ec1f...

Author: Daniel-Constantin Mierla miconda@gmail.com Committer: Daniel-Constantin Mierla miconda@gmail.com Date: 2024-05-03T14:36:29+02:00

core: parser/contact - add limit for max number of contacts

- defined to 256

---

Modified: src/core/parser/contact/contact.c

---

Diff: https://github.com/kamailio/kamailio/commit/d6b0beb5a219ae57a62e9e7201a6ec1f... Patch: https://github.com/kamailio/kamailio/commit/d6b0beb5a219ae57a62e9e7201a6ec1f...

---

diff --git a/src/core/parser/contact/contact.c b/src/core/parser/contact/contact.c index dd522a6cd3c..322a22e9590 100644 --- a/src/core/parser/contact/contact.c +++ b/src/core/parser/contact/contact.c @@ -221,6 +221,8 @@ static inline void contact_append(contact_t **head, contact_t *node) ptr->next = node; }

+#define KSR_MAX_CONTACTS 256 + /* * Parse contacts in a Contact HF */ @@ -229,9 +231,11 @@ int parse_contacts(str *_s, contact_t **_c) contact_t *c; param_hooks_t hooks; str sv; + int n;

sv = *_s;

+ n = 0; while(1) { /* Allocate and clear contact structure */ c = (contact_t *)pkg_malloc(sizeof(contact_t)); @@ -273,7 +277,6 @@ int parse_contacts(str *_s, contact_t **_c) LM_ERR("invalid contact uri\n"); goto error; } - if(_s->len == 0) goto ok;

@@ -312,7 +315,12 @@ int parse_contacts(str *_s, contact_t **_c)

contact_append(_c, c); c = NULL; + n++;

+ if(n > KSR_MAX_CONTACTS) { + LM_ERR("too many contacts: %d\n", n); + return -1; + } if(_s->len == 0) { LM_ERR("text after comma missing\n"); goto error;