- fix: doing strlen(bodybuff) after having free()d it

found by dmalloc memory poisoning
- fix: new branch id hash calculation was not working properly
  (don't check the return status of the osip_xxx_to_str() functions -
  the documentation does not say anything about them (looks like 0 == success) -
  but better to check the returned string pointer value -> NULL = failed).
  This resulted in a memory leak and an improperly calculated MD5 hash.
Thomas Ries
2004-01-28 01:06:28 +00:00
parent fe9beb76d5
commit 230c3d3ffb
4 changed files with 12 additions and 16 deletions


@@ -710,7 +710,6 @@ if (configuration.debuglevel)
/* include new body */
osip_message_set_body(mymsg, bodybuff);
osip_free(bodybuff);
/* free content length resource and include new one*/
osip_content_length_free(mymsg->content_length);
@@ -718,6 +717,9 @@ if (configuration.debuglevel)
sprintf(clen,"%i",strlen(bodybuff));
sts = osip_message_set_content_length(mymsg, clen);
/* free old body */
osip_free(bodybuff);
if (configuration.debuglevel)
{ /* just dump the buffer */
char *tmp, *tmp2;
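Review bot: The `sprintf(clen,"%i",strlen(bodybuff));` call directly above the relocated `osip_free(bodybuff)` passes a `size_t` to `%i` and writes into `clen` with no bound; the type mismatch is undefined behaviour on platforms where `size_t` is wider than `int`. I would change it to `snprintf(clen, sizeof(clen), "%lu", (unsigned long)strlen(bodybuff));`, assuming `clen` is a local array (its declaration is outside the hunk). The value stored in `sts` is not checked in the visible lines, so a failed `osip_message_set_content_length()` after the old Content-Length was freed would go unnoticed; an explicit check with an error return is worth adding. The enclosing function starts and ends outside these hunks.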


@@ -794,7 +794,8 @@ int sip_calculate_branch_id (osip_message_t *sip_msg, char *id) {
MD5Init(&Md5Ctx);
/* topmost via */
if (osip_via_to_str(via, &tmp)) {
osip_via_to_str(via, &tmp);
if (tmp) {
MD5Update(&Md5Ctx, tmp, strlen(tmp));
osip_free(tmp);
}
@@ -813,7 +814,8 @@ int sip_calculate_branch_id (osip_message_t *sip_msg, char *id) {
/* Call-ID */
call_id = osip_message_get_call_id(sip_msg);
if (osip_call_id_to_str(call_id, &tmp)) {
osip_call_id_to_str(call_id, &tmp);
if (tmp) {
MD5Update(&Md5Ctx, tmp, strlen(tmp));
osip_free(tmp);
}
@@ -825,7 +827,8 @@ int sip_calculate_branch_id (osip_message_t *sip_msg, char *id) {
}
/* Request URI */
if (osip_uri_to_str(sip_msg->req_uri, &tmp)) {
osip_uri_to_str(sip_msg->req_uri, &tmp);
if (tmp) {
MD5Update(&Md5Ctx, tmp, strlen(tmp));
osip_free(tmp);
}
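Review bot: `tmp` is tested after each `osip_*_to_str()` call without being reset first, so the `if (tmp)` guards in all three hunks (topmost via, Call-ID, Request URI) are only reliable if the library always writes NULL to `*dest` on failure, which the commit message says is undocumented. If a call fails without touching `tmp`, the pointer still holds the buffer released by the previous `osip_free(tmp)`, and the block would pass freed memory to `strlen`/`MD5Update` and free it a second time. Setting `tmp = NULL;` immediately before each call removes that dependency, and the guard can keep the status too, e.g. `if (osip_via_to_str(via, &tmp) == 0 && tmp) {`, assuming 0 means success as the commit message suspects. The body of sip_calculate_branch_id starts and ends outside these hunks, so any initialisation of `tmp` further up is not visible here.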