[OpenSIPS-Devel] [OpenSIPS/opensips] cb4302: rest_client: Fix some POST/PUT corner-cases
Liviu Chircu
liviu at opensips.org
Wed Sep 26 08:24:56 EDT 2018
Branch: refs/heads/2.4
Home: https://github.com/OpenSIPS/opensips
Commit: cb43020ee61614dbd2a4bd5009874365b1f98f56
https://github.com/OpenSIPS/opensips/commit/cb43020ee61614dbd2a4bd5009874365b1f98f56
Author: Liviu Chircu <liviu at opensips.org>
Date: 2018-09-26 (Wed, 26 Sep 2018)
Changed paths:
M modules/rest_client/rest_client.c
M modules/rest_client/rest_methods.c
M modules/rest_client/rest_methods.h
Log Message:
-----------
rest_client: Fix some POST/PUT corner-cases
This patch addresses two rare bugs such that they may now only occur
with old curl versions (pre 7.17.1, that's pre 2007).
When calling rest_post() or rest_put(), assuming we're fetching the
request body buffer into "req_body" via fixup_get_svalue():
1. since req_body->s is not dup'ed and may point to a PV buf,
the next SIP message may impact the currently "just launched"
async transfer by overriding the value stored in the PV buffer
before libcurl fully reads it
2. req_body->s is provided by a PV which does not NULL-terminate
strings (e.g. $du), thus curl's strlen() may overflow or crash
(cherry picked from commit c2c7b052b4b4d05abde20520098acc68f8cd3ed0)
**NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/
Functionality will be removed from GitHub.com on January 31st, 2019.
More information about the Devel
mailing list