[OpenSIPS-Devel] [OpenSIPS/opensips] 7de09f: cfgutils: fix check_time_rec() leak and mem access
Răzvan Crainea
noreply at github.com
Wed Jan 15 03:24:42 EST 2020
Branch: refs/heads/2.4
Home: https://github.com/OpenSIPS/opensips
Commit: 7de09fb15e821064e944ff2d1cd6d98b2472873c
https://github.com/OpenSIPS/opensips/commit/7de09fb15e821064e944ff2d1cd6d98b2472873c
Author: Razvan Crainea <razvan at opensips.org>
Date: 2020-01-15 (Wed, 15 Jan 2020)
Changed paths:
M modules/cfgutils/cfgutils.c
Log Message:
-----------
cfgutils: fix check_time_rec() leak and mem access
1. The timerec parsing modifies the buffer, therefore it is a good idea
to always duplicate the timerec buffer pkg
2. The timerec parsing relies on the fact that the string is null
terminated - however the module interface does not guarantee the
string will be null terminated if it comes from a pseudo-variable
3. The timerec should be allocated in pkg memory, there's no reason why
it should be shared
4. After checking the timerec, the function needs to release the memory
More information about the Devel
mailing list