[OpenSIPS-Devel] [OpenSIPS/opensips] f1f67d: Improve robustness of core URI copying functions

Liviu Chircu liviu at opensips.org
Thu Mar 24 22:03:38 CET 2016


  Branch: refs/heads/2.1
  Home:   https://github.com/OpenSIPS/opensips
  Commit: f1f67d99d3cac828e270c69ca5295c2d89fe13be
      https://github.com/OpenSIPS/opensips/commit/f1f67d99d3cac828e270c69ca5295c2d89fe13be
  Author: Liviu Chircu <liviu at opensips.org>
  Date:   2016-03-24 (Thu, 24 Mar 2016)

  Changed paths:
    M parser/msg_parser.c
    M serialize.c

  Log Message:
  -----------
  Improve robustness of core URI copying functions

Namely set_ruri(), set_dst_uri(), set_path_vector().

This patch corrects the behaviour of the above functions when they are
fed strange/corrupt strings, such as {NULL, 5} or {0x7fb..., 0}.

There are still plenty of pieces of OpenSIPS code which assume such
strings should be correctly processed, e.g. next_branches(), which may
lead to a whole world of problems ranging from segfaults, double free
operations and dangling pointers all the way up to intermixed shm/pkg
memory pointers.

The best way of addressing this issue is to simply accept such input and
zeroize (and free) the concerned sip_msg attributes.

Many thanks to Ovidiu Sas <osas at voipembedded.com> for in-depth error
reporting and assistance in fixing this issue

(cherry picked from commit 2787308f68e6ee878dcf710cd7b36992af62aab9)
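
The handling described in the log message, sketched as an added example (not code from this commit or from OpenSIPS): a setter that accepts {NULL, 5} or {ptr, 0} input and responds by freeing and zeroing the destination attribute. `struct msg_attr` and `set_uri_attr()` are hypothetical names, and plain malloc/free stand in for the pkg/shm allocators.

```c
#include <stdlib.h>
#include <string.h>

/* Counted string: the {pointer, length} pair referred to in the log message. */
typedef struct { char *s; int len; } str;

/* Hypothetical stand-in for a sip_msg attribute holder (not the OpenSIPS struct). */
struct msg_attr { str uri; };

/*
 * Copy src into dst->uri. A NULL, empty or inconsistent src is accepted and
 * treated as "clear the attribute": the old buffer is freed and both fields
 * are zeroed, so no dangling pointer or stale length survives.
 * Returns 0 on success (including the clear case), -1 on bad dst or OOM.
 */
int set_uri_attr(struct msg_attr *dst, const str *src)
{
    char *buf;

    if (!dst)
        return -1;

    if (!src || !src->s || src->len <= 0) {
        free(dst->uri.s);            /* free(NULL) is a no-op */
        dst->uri.s = NULL;
        dst->uri.len = 0;
        return 0;
    }

    /* Allocate and copy before releasing the old value: an allocation
     * failure leaves dst intact, and src may alias dst->uri safely. */
    buf = malloc((size_t)src->len);
    if (!buf)
        return -1;
    memcpy(buf, src->s, (size_t)src->len);

    free(dst->uri.s);
    dst->uri.s = buf;
    dst->uri.len = src->len;
    return 0;
}

int main(void)
{
    char sample[] = "sip:alice@example.com";   /* constructed sample input */
    struct msg_attr m = { { NULL, 0 } };
    str good = { sample, (int)(sizeof(sample) - 1) };
    str corrupt = { NULL, 5 };                 /* NULL pointer, non-zero length */

    set_uri_attr(&m, &good);
    set_uri_attr(&m, &corrupt);
    return (m.uri.s == NULL && m.uri.len == 0) ? 0 : 1;
}
```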



