- fix: siproxd could crash when trying to rewrite a malformed

SIP message. (thank you, Lucas)
2010-03-29 17:28:12 +00:00 · 2010-03-29 17:28:12 +00:00 · e46d64fa7b
commit e46d64fa7b
parent ef8ae740f2
2 changed files with 44 additions and 20 deletions
--- a/src/proxy.c
+++ b/src/proxy.c
@ -807,11 +807,15 @@ if (configuration.debuglevel)
   size_t tmplen;
   sts = osip_message_get_body(mymsg, 0, &body);
   sts = sip_body_to_str(body, &tmp, &tmplen);
-   osip_content_length_to_str(mymsg->content_length, &tmp2);
-   DEBUG("Body before rewrite (may be truncated) - (clen=%s, strlen=%ld):\n%s\n----",
-         tmp2, (long)tmplen, tmp);
-   osip_free(tmp);
-   osip_free(tmp2);
+   if (sts == 0) {
+      osip_content_length_to_str(mymsg->content_length, &tmp2);
+      DEBUG("Body before rewrite (may be truncated) - (clen=%s, strlen=%ld):\n%s\n----",
+            tmp2, (long)tmplen, tmp);
+      osip_free(tmp);
+      osip_free(tmp2);
+   } else {
+      DEBUG("Body before rewrite: failed to decode!");
+   }
 }

   /*
@ -1158,11 +1162,15 @@ if (configuration.debuglevel)
   size_t tmplen;
   sts = osip_message_get_body(mymsg, 0, &body);
   sts = sip_body_to_str(body, &tmp, &tmplen);
-   osip_content_length_to_str(mymsg->content_length, &tmp2);
-   DEBUG("Body after rewrite (may be truncated) - (clen=%s, strlen=%ld):\n%s\n----",
-         tmp2, (long)tmplen, tmp);
-   osip_free(tmp);
-   osip_free(tmp2);
+   if (sts == 0) {
+      osip_content_length_to_str(mymsg->content_length, &tmp2);
+      DEBUG("Body after rewrite (may be truncated) - (clen=%s, strlen=%ld):\n%s\n----",
+            tmp2, (long)tmplen, tmp);
+      osip_free(tmp);
+      osip_free(tmp2);
+   } else {
+      DEBUG("Body after rewrite: failed to decode!");
+   }
 }
   return STS_SUCCESS;
 }
--- a/src/sip_layer.c
+++ b/src/sip_layer.c
@ -36,23 +36,39 @@ int sip_message_parse(osip_message_t * sip, const char *buf, size_t len) {

 int sip_message_to_str(osip_message_t * sip, char **dest, size_t *len) {
   int sts;
+   /* check params */
+   if ((len == NULL) || (dest == NULL) || (*dest == NULL)) return -1;
+
+   len=0;
+
   sts = osip_message_to_str(sip, dest, len);
-   /*
-    * NULL termination (libosip2-2.2.0 does NOT do this properly,
-    * there is always one byte too much :-( )
-    */
-   (*dest)[*len]='\0';
+   if (sts == 0) {
+      /*
+       * NULL termination (libosip2-2.2.0 does NOT do this properly,
+       * there is always one byte too much :-( )
+       */
+      if (len >= 0) (*dest)[*len]='\0';
+   }
+
   return sts;
 }

 int sip_body_to_str(const osip_body_t * body, char **dest, size_t *len) {
   int sts;
+   /* check params */
+   if ((len == NULL) || (dest == NULL) || (*dest == NULL)) return -1;
+
+   len=0;
+
   sts = osip_body_to_str(body, dest, len);
-   /*
-    * NULL termination (libosip2-2.2.0 does NOT do this properly,
-    * there is always one byte too much :-( )
-    */
-   (*dest)[*len]='\0';
+   if (sts == 0) {
+      /*
+       * NULL termination (libosip2-2.2.0 does NOT do this properly,
+       * there is always one byte too much :-( )
+       */
+      if (len >= 0) (*dest)[*len]='\0';
+   }
+
   return sts;
 }