Browse code

backporting from opensips: rev4687: - Fixed potential issues with overwriting a byte in a string that was not allocated and is not owned by the code that does this operation

rev4715:
- Fixed error message enconding

rev4734:
- applied patch item #2102494 from Kobi Eshun
- tighten NULL checks during bad event handling

rev4607:
- changed function to take RURI so as to take the new one if it is changed in script (reported by Phil Vandry, closes #2173708 )

rev4808:
- fixed outbound proxy when ua is behind nat ( reported by IƱaki Baz Castillo <ibc@aliax.net>)




git-svn-id: https://openser.svn.sourceforge.net/svnroot/openser/trunk@5116 689a6050-402a-0410-94f2-e92a70836424

Klaus Darilion authored on 23/10/2008 06:39:42
Showing 5 changed files
... ...
@@ -28,8 +28,6 @@
28 28
 #include <errno.h>
29 29
 #include <time.h>
30 30
 #include <sys/types.h>
31
-#include <sys/socket.h>
32
-#include <netinet/in.h>
33 31
 #include <arpa/inet.h>
34 32
 
35 33
 #include "../../sr_module.h"
... ...
@@ -41,6 +39,7 @@
41 41
 #include "../../pvar.h"
42 42
 #include "../../error.h"
43 43
 #include "../../timer.h"
44
+#include "../../resolve.h"
44 45
 #include "../../data_lump.h"
45 46
 #include "../../mod_fix.h"
46 47
 #include "../../script_cb.h"
... ...
@@ -784,22 +783,15 @@ get_contact_uri(struct sip_msg* msg, struct sip_uri *uri, contact_t **_c)
784 784
 static INLINE int
785 785
 rfc1918address(str *address)
786 786
 {
787
-    struct in_addr inaddr;
787
+    struct ip_addr *ip;
788 788
     uint32_t netaddr;
789
-    int i, result;
790
-    char c;
791
-
792
-    c = address->s[address->len];
793
-    address->s[address->len] = 0;
794
-
795
-    result = inet_aton(address->s, &inaddr);
796
-
797
-    address->s[address->len] = c;
789
+    int i;
798 790
 
799
-    if (result==0)
791
+    ip = str2ip(address);
792
+    if (ip == NULL)
800 793
         return -1; // invalid address to test
801 794
 
802
-    netaddr = ntohl(inaddr.s_addr);
795
+    netaddr = ntohl(ip->u.addr32[0]);
803 796
 
804 797
     for (i=0; rfc1918nets[i].name!=NULL; i++) {
805 798
         if ((netaddr & rfc1918nets[i].mask)==rfc1918nets[i].address) {
... ...
@@ -295,7 +295,6 @@ int handle_publish(struct sip_msg* msg, char* sender_uri, char* str2)
295 295
 	pres_ev_t* event= NULL;
296 296
 	str pres_user;
297 297
 	str pres_domain;
298
-	struct sip_uri pres_uri;
299 298
 	int reply_code;
300 299
 	str reply_str;
301 300
 	int sent_reply= 0;
... ...
@@ -400,16 +399,15 @@ int handle_publish(struct sip_msg* msg, char* sender_uri, char* str2)
400 400
 		lexpire = max_expires;
401 401
 
402 402
 	/* get pres_uri from Request-URI*/
403
-	if( parse_uri(msg->first_line.u.request.uri.s, 
404
-				msg->first_line.u.request.uri.len, &pres_uri)< 0)
403
+	if(parse_sip_msg_uri(msg)< 0)
405 404
 	{
406 405
 		LM_ERR("parsing Request URI\n");
407 406
 		reply_code= 400; 
408 407
 		reply_str= pu_400a_rpl;
409 408
 		goto error;
410 409
 	}
411
-	pres_user= pres_uri.user;
412
-	pres_domain= pres_uri.host;
410
+	pres_user= msg->parsed_uri.user;
411
+	pres_domain= msg->parsed_uri.host;
413 412
 
414 413
 	if (!msg->content_length) 
415 414
 	{
... ...
@@ -676,7 +676,7 @@ bad_event:
676 676
 
677 677
 	LM_ERR("Missing or unsupported event header field value\n");
678 678
 		
679
-	if(parsed_event)
679
+	if(parsed_event && parsed_event->text.s)
680 680
 		LM_ERR("\tevent= %.*s\n",parsed_event->text.len,parsed_event->text.s);
681 681
 	
682 682
 	reply_code= BAD_EVENT_CODE;
... ...
@@ -92,13 +92,10 @@ void bla_cb(ucontact_t* c, int type, void* param)
92 92
 	subs.contact= &server_address;
93 93
 	
94 94
 	if(bla_outbound_proxy.s && bla_outbound_proxy.len)
95
-	{
96
-		LM_DBG("outbound_proxy= %.*s\n", bla_outbound_proxy.len, 
97
-				bla_outbound_proxy.s);
98 95
 		subs.outbound_proxy= &bla_outbound_proxy;
99
-	}
100 96
 	else
101
-		subs.outbound_proxy= NULL;
97
+	if(c->received.s && c->received.len)
98
+		subs.outbound_proxy= &c->received;
102 99
 
103 100
 	if(type & UL_CONTACT_INSERT)
104 101
 		subs.flag|= INSERT_TYPE;
... ...
@@ -1344,7 +1344,7 @@ error:
1344 1344
 int as_action_fail_resp(int uac_id,int sip_error,char *err_buf,int i)
1345 1345
 {
1346 1346
    char msg[14+MAX_REASON_LEN];
1347
-   int k;
1347
+   int k, ev_len;
1348 1348
    k=4;
1349 1349
    if(i==0)
1350 1350
       i=strlen(err_buf);
... ...
@@ -1362,8 +1362,8 @@ int as_action_fail_resp(int uac_id,int sip_error,char *err_buf,int i)
1362 1362
    msg[k++]=(char)(unsigned char)i;
1363 1363
    memcpy(msg+k,err_buf,i);
1364 1364
    k+=i;
1365
-   k=htonl(k);
1366
-   memcpy(msg,&k,4);
1365
+   ev_len=htonl(k);
1366
+   memcpy(msg,&ev_len,4);
1367 1367
    write(my_as->u.as.action_fd,msg,k);
1368 1368
    return 0;
1369 1369
 }