
core: set to NULL the pointers to several sip msg fileds in cloned structure

- instance, ruid and location_ua are reset to null for the clone in shm;
otherwise they would still point to pkg memory while the shm clone can be
used from another process, resulting in a crash
- reported and credits for testing and troubleshooting to Alex Balashov

Daniel-Constantin Mierla authored on 19/09/2013 11:25:41
Showing 1 changed files
... ...
@@ -539,6 +539,17 @@ struct sip_msg*  sip_msg_shm_clone( struct sip_msg *org_msg, int *sip_msg_len,
539 539
 	/* path_vec is not cloned (it's reset instead) */
540 540
 	new_msg->path_vec.s=0;
541 541
 	new_msg->path_vec.len=0;
542
+	/* instance is not cloned (it's reset instead) */
543
+	new_msg->instance.s=0;
544
+	new_msg->instance.len=0;
545
+	/* ruid is not cloned (it's reset instead) */
546
+	new_msg->ruid.s=0;
547
+	new_msg->ruid.len=0;
548
+	/* location ua is not cloned (it's reset instead) */
549
+	new_msg->location_ua.s=0;
550
+	new_msg->location_ua.len=0;
551
+	/* reg_id is not cloned (it's reset instead) */
552
+	new_msg->reg_id=0;
542 553
 	/* message buffers(org and scratch pad) */
543 554
 	memcpy( p , org_msg->buf, org_msg->len);
544 555
 	/* ZT to be safer */
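Review bot: The resets added at new lines 542-553 patch the affected fields one by one, and nothing here stops the next pkg-backed member added to struct sip_msg from reaching the shm clone with a pointer that is only valid in the originating process. Assuming the struct is copied wholesale earlier in sip_msg_shm_clone (the body starts and ends outside this hunk), I would add a maintenance comment above the reset group, e.g. `/* every sip_msg member that points into pkg must be cloned into shm or reset here, since the clone is read from other processes */`, with a matching note at the struct definition. The hunk also resets `reg_id`, which the commit description does not mention and which looks like a plain value rather than a pointer; if so, its comment should say why it is dropped rather than copied. Code that reads instance, ruid or location_ua from a clone will now see len==0, so those readers should be checked for handling the empty case.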