
- removed -fPIC -DPIC from the Makefile (see comments) - fixed a memory leak in do_action/forward uri - fixed parse_cseq (still buggy, but a little bit better :)) - added error if header name does not end on 1 line (parse_hname) - fixed mem. leak in parse_via (if bad param)

Andrei Pelinescu-Onciul authored on 06/12/2001 20:43:05
Showing 6 changed files
... ...
@@ -35,7 +35,7 @@ NAME=ser
35 35
 #                  twice, trying to free a pointer alloc'ed with a different
36 36
 #                  malloc etc.)
37 37
 DEFS=-DTHREAD -DNOCR -DMACROEATER -DDNS_IP_HACK  -DSHM_MEM \
38
-	 -DPKG_MALLOC #-DDBG_QM_MALLOC -DNO_DEBUG
38
+	 -DPKG_MALLOC -DDBG_QM_MALLOC #-DNO_DEBUG
39 39
 # -DUSE_SHM_MEM
40 40
 #-DNO_DEBUG 
41 41
 #-DPKG_MALLOC
... ...
@@ -43,8 +43,8 @@ DEFS=-DTHREAD -DNOCR -DMACROEATER -DDNS_IP_HACK  -DSHM_MEM \
43 43
 #-DNO_LOG
44 44
 
45 45
 PROFILE=  # -pg #set this if you want profiling
46
-mode = debug
47
-#mode = release
46
+#mode = debug
47
+mode = release
48 48
 
49 49
 # platform dependent settings
50 50
 
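Review bot: The `DEFS` line now turns on `-DDBG_QM_MALLOC` in the same commit that flips `mode` from `debug` to `release`, and the commit description mentions neither change. If the define was enabled only to chase the leaks fixed here, it looks like a local setting that slipped in. A release build would then presumably carry the allocator's debug bookkeeping. Either leave it commented out, or add a line such as `# DBG_QM_MALLOC: allocator debugging, keep off in release builds` so the combination is clearly deliberate.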
... ...
@@ -79,8 +79,7 @@ int do_action(struct action* a, struct sip_msg* msg)
79 79
 													"forward: bad port in "
80 80
 													"uri: <%s>\n", uri.port);
81 81
 											ret=E_UNSPEC;
82
-											free_uri(&uri);
83
-											goto skip;
82
+											goto error_fwd_uri;
84 83
 										}
85 84
 									}else port=SIP_PORT;
86 85
 									break;
... ...
@@ -90,11 +89,17 @@ int do_action(struct action* a, struct sip_msg* msg)
90 90
 					default:
91 91
 							LOG(L_CRIT, "BUG: do_action bad forward 2nd"
92 92
 										" param type (%d)\n", a->p2_type);
93
-							free_uri(&uri);
94
-							goto skip;
93
+							ret=E_UNSPEC;
94
+							goto error_fwd_uri;
95 95
 				}
96 96
 				/* create a temporary proxy*/
97 97
 				p=mk_proxy(uri.host.s, port);
98
+				if (p==0){
99
+					LOG(L_ERR, "ERROR:  bad host name in uri,"
100
+							" dropping packet\n");
101
+					ret=E_BAD_ADDRESS;
102
+					goto error_fwd_uri;
103
+				}
98 104
 				ret=forward_request(msg, p);
99 105
 				free_uri(&uri);
100 106
 				free_proxy(p); /* frees only p content, not p itself */
... ...
@@ -362,6 +367,9 @@ error_uri:
362 362
 	free_uri(&uri);
363 363
 	if (new_uri) free(new_uri);
364 364
 	return E_UNSPEC;
365
+error_fwd_uri:
366
+	free_uri(&uri);
367
+	return ret;
365 368
 }
366 369
 
367 370
 
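Review bot: The new `p==0` branch after `mk_proxy()` logs "bad host name in uri" without saying which host failed, unlike the bad-port message earlier in the function, which prints `uri.port`. Something like `LOG(L_ERR, "ERROR: bad host name in uri <%s>, dropping packet\n", uri.host.s);` would let an operator trace a dropped request to the URI that caused it, assuming `uri.host.s` is NUL-terminated as the `mk_proxy()` call already requires. The new `error_fwd_uri` label would also benefit from a one-line comment, e.g. `/* forward-path failures: ret already set, only uri to release */`, to explain why it sits beside `error_uri`. The body of `do_action` extends outside these hunks, so whether `new_uri` can be live on this path is not visible here.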
... ...
@@ -315,7 +315,7 @@ char* parse_hostport(char* buf, str* host, short int* port)
315 315
 /*BUGGY*/
316 316
 char * parse_cseq(char *buf, char* end, struct cseq_body* cb)
317 317
 {
318
-	char *t;
318
+	char *t, *m, *m_end;
319 319
 	char c;
320 320
 
321 321
 	cb->error=PARSE_ERROR;
... ...
@@ -325,17 +325,24 @@ char * parse_cseq(char *buf, char* end, struct cseq_body* cb)
325 325
 	cb->number.s=t;
326 326
 	t=eat_token_end(t, end);
327 327
 	if (t>=end) goto error;
328
+	m=eat_space_end(t, end);
329
+	m_end=eat_token_end(m, end);
328 330
 	*t=0; /*null terminate it*/
329 331
 	cb->number.len=t-cb->number.s;
330
-	t++;
331
-	t=eat_space_end(t, end);
332
-	if (t>=end) goto error;
333
-	cb->method.s=t;
334
-	t=eat_token_end(t, end);
335
-	if (t>=end) goto error;
332
+	DBG("parse_cseq: found number %s\n", cb->number.s);
333
+	
334
+	if (m_end>=end) goto error;
335
+	if (m_end==m){
336
+		/* null method*/
337
+		LOG(L_ERR,  "ERROR:parse_cseq: no method found\n");
338
+		goto error;
339
+	}
340
+	cb->method.s=m;
341
+	t=m_end;
336 342
 	c=*t;
337 343
 	*t=0; /*null terminate it*/
338 344
 	cb->method.len=t-cb->method.s;
345
+	DBG("parse_cseq: found method %s\n", cb->method.s);
339 346
 	t++;
340 347
 	/*check if the header ends here*/
341 348
 	if (c=='\n') goto check_continue;
... ...
@@ -513,6 +520,7 @@ int parse_uri(char *buf, int len, struct sip_uri* uri)
513 513
 	
514 514
 	return ret;
515 515
 error:
516
+	free_uri(uri);
516 517
 	return ret;
517 518
 }
518 519
 
... ...
@@ -542,11 +550,11 @@ int parse_headers(struct sip_msg* msg, int flags)
542 542
 	DBG("parse_headers: flags=%d\n", flags);
543 543
 	while( tmp<end && (flags & msg->parsed_flag) != flags){
544 544
 		hf=pkg_malloc(sizeof(struct hdr_field));
545
-		memset(hf,0, sizeof(struct hdr_field));
546 545
 		if (hf==0){
547 546
 			LOG(L_ERR, "ERROR:parse_headers: memory allocation error\n");
548 547
 			goto error;
549 548
 		}
549
+		memset(hf,0, sizeof(struct hdr_field));
550 550
 		hf->type=HDR_ERROR;
551 551
 		rest=get_hdr_field(tmp, msg->buf+msg->len, hf);
552 552
 		switch (hf->type){
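Review bot: The `free_uri(uri)` added at the `error:` label of `parse_uri` changes the ownership contract, because the caller's struct is now released on failure. `do_action` has an `error_uri` label that also calls `free_uri(&uri)`; if any caller reaches such a label after `parse_uri` has failed (not visible here), the members are freed twice unless `free_uri` resets them. Consider clearing the struct right after the free, `memset(uri, 0, sizeof(*uri));`, provided `free_uri` tolerates null members. At minimum, document it on the function: `/* on error the uri members are already freed; callers must not call free_uri() again */`. It is also worth confirming that every jump to `error` happens after `uri` has been zero-initialised, since the start of the function is outside the hunk.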
... ...
@@ -488,6 +488,11 @@ char* parse_hname(char* p, char* end, struct hdr_field* hdr)
488 488
 								goto error;
489 489
 						}
490 490
 						break;
491
+						
492
+			case '\n':
493
+			case '\r': /*not allowed in hname*/
494
+						goto error;
495
+			
491 496
 			default:
492 497
 					switch(state){
493 498
 						case INITIAL:
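Review bot: The new `case '\n': case '\r':` arm jumps to `error` without logging, so a message rejected here leaves no trace of the reason unless the `error` label, which is outside the hunk, reports it. Adding `LOG(L_ERR, "ERROR: parse_hname: CR/LF inside header name\n");` before the `goto error` would make malformed or deliberately split header names visible in the logs. The comment could also state the intent more fully, e.g. `/* header name must end with ':' on the same line; reject instead of reading into the next line */`.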
... ...
@@ -1603,6 +1603,7 @@ main_via:
1603 1603
 								state=saved_state;
1604 1604
 								goto endofheader;
1605 1605
 							case PARAM_ERROR:
1606
+								pkg_free(param);
1606 1607
 								goto error;
1607 1608
 							default:
1608 1609
 								LOG(L_ERR, "ERROR: parse_via after"
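Review bot: `pkg_free(param)` is added only to the `PARAM_ERROR` arm, but the `default:` arm directly below it also looks like a failure path, and its end is outside the hunk. If that arm reaches `error` as well, the same `param` allocation leaks there and needs its own `pkg_free(param);` before the jump. Please also confirm that the `error` label does not release `param` itself, since that would turn this leak fix into a double free.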
... ...
@@ -77,6 +77,7 @@ int receive_msg(char* buf, unsigned int len, unsigned long src_ip)
77 77
 					"error while trying script\n");
78 78
 			goto error;
79 79
 		}
80
+		DBG("succesfully ran routing scripts...\n");
80 81
 #ifdef STATS
81 82
 		/* jku -- update request statistics  */
82 83
 		else update_received_request(msg->first_line.u.request.method_value );
... ...
@@ -115,6 +116,7 @@ int receive_msg(char* buf, unsigned int len, unsigned long src_ip)
115 115
 skip:
116 116
 	DBG("skip:...\n");
117 117
 */
118
+	DBG("receive_msg: cleaning up\n");
118 119
 	free_sip_msg(msg);
119 120
 	pkg_free(msg);
120 121
 #ifdef STATS