
dialog(k): init local parameter

- memset tm callback param to 0
- safety checks for MI cmd dlg match
- credits to Inaki Baz Castillo and Torben Friese

Daniel-Constantin Mierla authored on 12/02/2010 10:12:37
Showing 2 changed files
... ...
@@ -331,24 +331,29 @@ static void dlg_onreply(struct cell* t, int type, struct tmcb_params *param)
331 331
 	old_state!=DLG_STATE_CONFIRMED_NA && old_state!=DLG_STATE_CONFIRMED ) {
332 332
 		LM_DBG("dialog %p confirmed\n",dlg);
333 333
 
334
-		/* get to tag*/
335
-		if ( !rpl->to && ((parse_headers(rpl, HDR_TO_F,0)<0) || !rpl->to) ) {
336
-			LM_ERR("bad reply or missing TO hdr :-/\n");
337
-			tag.s = 0;
338
-			tag.len = 0;
339
-		} else {
340
-			tag = get_to(rpl)->tag_value;
341
-			if (tag.s==0 || tag.len==0) {
342
-				LM_ERR("missing TAG param in TO hdr :-/\n");
334
+		 if (rpl != FAKED_REPLY) {
335
+			/* get to tag*/
336
+			if ( !rpl->to && ((parse_headers(rpl, HDR_TO_F,0)<0)
337
+						|| !rpl->to) ) {
338
+				LM_ERR("bad reply or missing TO hdr :-/\n");
343 339
 				tag.s = 0;
344 340
 				tag.len = 0;
341
+			} else {
342
+				tag = get_to(rpl)->tag_value;
343
+				if (tag.s==0 || tag.len==0) {
344
+					LM_ERR("missing TAG param in TO hdr :-/\n");
345
+					tag.s = 0;
346
+					tag.len = 0;
347
+				}
345 348
 			}
346
-		}
347 349
 
348
-		/* save callee's tag, cseq, contact and record route*/
349
-		if (populate_leg_info( dlg, rpl, t, DLG_CALLEE_LEG, &tag) !=0) {
350
-			LM_ERR("could not add further info to the dialog\n");
351
-		}
350
+			/* save callee's tag, cseq, contact and record route*/
351
+			if (populate_leg_info( dlg, rpl, t, DLG_CALLEE_LEG, &tag) !=0) {
352
+				LM_ERR("could not add further info to the dialog\n");
353
+			}
354
+		 } else {
355
+			 LM_ERR("Faked reply!\n");
356
+		 }
352 357
 
353 358
 		/* set start time */
354 359
 		dlg->start_ts = (unsigned int)(time(0));
... ...
@@ -500,6 +505,7 @@ static void unref_new_dialog(void *dialog)
500 505
 {
501 506
 	struct tmcb_params p;
502 507
 
508
+	memset(&p, 0, sizeof(struct tmcb_params));
503 509
 	p.param = (void*)&dialog;
504 510
 	dlg_onreply(0, TMCB_DESTROY, &p);
505 511
 }
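Review bot: In the first hunk the new `else` branch only logs `Faked reply!` and then falls through to the `start_ts` assignment, so the dialog appears to be confirmed with no callee tag, cseq, contact or record route saved. The rest of dlg_onreply lies outside the hunk, so whether later code tolerates an unpopulated callee leg cannot be confirmed from here. The guard also compares `rpl` only against the `FAKED_REPLY` sentinel, so a NULL `rpl` would still reach `rpl->to`; `if (rpl != NULL && rpl != FAKED_REPLY) {` would cover both cases. The error line would be easier to triage if it named the dialog the way the `LM_DBG` above does, e.g. `LM_ERR("faked reply for dialog %p, callee leg not populated\n", dlg);`.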
... ...
@@ -426,6 +426,8 @@ static inline int match_dialog(struct dlg_cell *dlg, str *callid,
426 426
  */
427 427
 static inline int match_downstream_dialog(struct dlg_cell *dlg, str *callid, str *ftag)
428 428
 {
429
+	if(dlg==NULL || callid==NULL || ftag==NULL)
430
+		return 0;
429 431
 	if (dlg->callid.len!=callid->len ||
430 432
 		dlg->tag[DLG_CALLER_LEG].len!=ftag->len  ||
431 433
 		strncmp(dlg->callid.s,callid->s,callid->len)!=0 ||
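Review bot: The added guard in match_downstream_dialog rejects NULL `dlg`, `callid` and `ftag`, but not a `str` whose `s` member is NULL, so `callid->s` and `ftag->s` can still reach `strncmp` when the lengths happen to match. Since the commit message says these values come from an MI command, the guard could be widened to `if(dlg==NULL || callid==NULL || ftag==NULL || callid->s==NULL || ftag->s==NULL) return 0;`. The comment block above the function should also state that NULL arguments yield 0 (no match). `match_dialog`, named in the hunk header, takes the same kind of pointers; whether it has an equivalent check is not visible here, and the body of this function continues outside the hunk.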