[OpenSIPS-Devel] [ opensips-Bugs-3481737 ] Memory corruption using via-parsing trasformations
SourceForge.net
noreply at sourceforge.net
Mon Jan 30 21:17:58 CET 2012
Bugs item #3481737, was opened at 2012-01-30 12:07
Message generated for change (Comment added) made by ekobi
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=3481737&group_id=232389
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: core
Group: None
>Status: Closed
>Resolution: Fixed
Priority: 5
Private: No
Submitted By: Kobi Eshun (ekobi)
Assigned to: Nobody/Anonymous (nobody)
Summary: Memory corruption using via-parsing trasformations
Initial Comment:
Use of string transformations such as this:
$var(edgetransport) = $(var(edgevia){via.transport}{s.tolower});
result in corruption to the package memory structures. Cause is a bad test in transformations.c:tr_eval_via(). Fixed with commit 8696 to head:
tigger:opensips-trunk kobi$ svn diff
Index: transformations.c
===================================================================
--- transformations.c (revision 8695)
+++ transformations.c (working copy)
@@ -638,7 +638,7 @@
strncmp(_tr_via.s, val->rs.s, val->rs.len)!=0
|| _tr_parsed_via==0)
{
- if(val->rs.len>_tr_via.len)
+ if(4+val->rs.len>_tr_via.len)
{
if(_tr_via.s) pkg_free(_tr_via.s);
_tr_via.s = (char*)pkg_malloc((val->rs.len+4)*sizeof(char));
--
kobi
----------------------------------------------------------------------
>Comment By: Kobi Eshun (ekobi)
Date: 2012-01-30 12:17
Message:
Fixed with SVN commit commit 8696 to head. Should consider back-porting to
1.6.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1086410&aid=3481737&group_id=232389
More information about the Devel
mailing list