[OpenSIPS-Devel] [OpenSIPS/opensips] c2c7b0: rest_client: Fix some POST/PUT corner-cases

Liviu Chircu liviu at opensips.org
Wed Sep 26 08:23:41 EDT 2018


  Branch: refs/heads/master
  Home:   https://github.com/OpenSIPS/opensips
  Commit: c2c7b052b4b4d05abde20520098acc68f8cd3ed0
      https://github.com/OpenSIPS/opensips/commit/c2c7b052b4b4d05abde20520098acc68f8cd3ed0
  Author: Liviu Chircu <liviu at opensips.org>
  Date:   2018-09-26 (Wed, 26 Sep 2018)

  Changed paths:
    M modules/rest_client/rest_client.c
    M modules/rest_client/rest_methods.c
    M modules/rest_client/rest_methods.h

  Log Message:
  -----------
  rest_client: Fix some POST/PUT corner-cases

This patch addresses two rare bugs such that they may now only occur
with old curl versions (pre 7.17.1, that's pre 2007).

When calling rest_post() or rest_put(), assuming we're fetching the
request body buffer into "req_body" via fixup_get_svalue():

    1. since req_body->s is not dup'ed and may point to a PV buf,
	the next SIP message may impact the currently "just launched"
	async transfer by overriding the value stored in the PV buffer
	before libcurl fully reads it

    2. req_body->s is provided by a PV which does not NULL-terminate
	strings (e.g. $du), thus curl's strlen() may overflow or crash



      **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/

      Functionality will be removed from GitHub.com on January 31st, 2019.


More information about the Devel mailing list