
dialog: safety checks for local cseq and contact vars

- avoid crash on systems that do not handle printing a NULL string of length 0
- GH #1717

Daniel-Constantin Mierla authored on 30/11/2018 15:31:22
Showing 1 changed files
... ...
@@ -200,7 +200,7 @@ int populate_leg_info( struct dlg_cell *dlg, struct sip_msg *msg,
200 200
 	if (leg==DLG_CALLER_LEG) {
201 201
 		if((!msg->cseq && (parse_headers(msg,HDR_CSEQ_F,0)<0 || !msg->cseq))
202 202
 			|| !msg->cseq->parsed){
203
-			LM_ERR("bad sip message or missing CSeq hdr :-/\n");
203
+			LM_ERR("bad sip message or missing CSeq hdr\n");
204 204
 			goto error0;
205 205
 		}
206 206
 		cseq = (get_cseq(msg))->number;
... ...
@@ -208,6 +208,10 @@ int populate_leg_info( struct dlg_cell *dlg, struct sip_msg *msg,
208 208
 		/* use the same as in request */
209 209
 		cseq = dlg->cseq[DLG_CALLEE_LEG];
210 210
 	}
211
+	if(cseq.s==NULL || cseq.len<=0) {
212
+		LM_ERR("empty CSeq number\n");
213
+		goto error0;
214
+	}
211 215
 
212 216
 	/* extract the contact address */
213 217
 	if (!msg->contact&&(parse_headers(msg,HDR_CONTACT_F,0)<0||!msg->contact)){
... ...
@@ -221,6 +225,10 @@ int populate_leg_info( struct dlg_cell *dlg, struct sip_msg *msg,
221 221
 		goto error0;
222 222
 	}
223 223
 	contact = ((contact_body_t *)msg->contact->parsed)->contacts->uri;
224
+	if(contact.s==NULL || contact.len<=0) {
225
+		LM_ERR("empty contact uri\n");
226
+		goto error0;
227
+	}
224 228
 
225 229
 	/* extract the record-route addresses */
226 230
 	if (leg==DLG_CALLER_LEG) {
... ...
@@ -250,10 +258,10 @@ int populate_leg_info( struct dlg_cell *dlg, struct sip_msg *msg,
250 250
 
251 251
 	LM_DBG("leg(%d) route_set [%.*s], contact [%.*s], cseq [%.*s]"
252 252
 			" and bind_addr [%.*s]\n",
253
-		leg, rr_set.len, rr_set.s, contact.len, contact.s,
254
-		cseq.len, cseq.s,
253
+		leg, rr_set.len, ZSW(rr_set.s), contact.len, ZSW(contact.s),
254
+		cseq.len, ZSW(cseq.s),
255 255
 		msg->rcv.bind_address->sock_str.len,
256
-		msg->rcv.bind_address->sock_str.s);
256
+		ZSW(msg->rcv.bind_address->sock_str.s));
257 257
 
258 258
 	if (dlg_set_leg_info( dlg, tag, &rr_set, &contact, &cseq, leg)!=0) {
259 259
 		LM_ERR("dlg_set_leg_info failed (leg %d)\n", leg);
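Review bot: The new `cseq.s==NULL || cseq.len<=0` guard sits after the if/else, so it also rejects the callee-leg path, where `cseq` is copied from `dlg->cseq[DLG_CALLEE_LEG]` rather than parsed from the message. Whether that slot is always filled before populate_leg_info() runs for the callee leg is not visible in these hunks; if it can be empty, a state that was previously tolerated now ends in `goto error0`, and the log line cannot distinguish an internal empty slot from a malformed CSeq sent by a peer. I would include the leg in the message, `LM_ERR("empty CSeq number (leg %d)\n", leg);`, and do the same for the `empty contact uri` check. Separately, the LM_DBG call wraps `sock_str.s` in ZSW() but still dereferences `msg->rcv.bind_address` unguarded; it is presumably always set for received messages, but that is worth confirming. The function body starts and ends outside the hunks shown.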