
pv: clone result of several string transformations

- it is safer for assigning back to the same variable on which the
transformation was applied
- reported by Martin Mikkelsen
(cherry picked from commit fe7e4a5152674aa9c81c09dd2fc9938d9e9e762e)

Conflicts:
modules_k/pv/pv_trans.c

Daniel-Constantin Mierla authored on 15/05/2013 20:45:18
Showing 1 changed files
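--- a/modules_k/pv/pv_trans.c
+++ b/modules_k/pv/pv_trans.c
@@ -94,6 +94,15 @@ char *tr_set_crt_buffer(void)
 	return _tr_buffer;
 }
 
+#define tr_string_clone_result do { \
+		if(val->rs.len>TR_BUFFER_SIZE-1) { \
+			LM_ERR("result is too big\n"); \
+			return -1; \
+		} \
+		strncpy(_tr_buffer, val->rs.s, val->rs.len); \
+		val->rs.s = _tr_buffer; \
+	} while(0);
+
 /*!
  * \brief Evaluate string transformations
  * \param msg SIP message
@@ -323,6 +332,7 @@ int tr_eval_string(struct sip_msg *msg, tr_param_t *tp, int subtype,
 				{ /* to end */
 					val->rs.s += i;
 					val->rs.len -= i;
+					tr_string_clone_result;
 					break;
 				}
 				val->rs.s += i;
@@ -340,10 +350,12 @@ int tr_eval_string(struct sip_msg *msg, tr_param_t *tp, int subtype,
 			{ /* to end */
 				val->rs.s += val->rs.len-i;
 				val->rs.len = i;
+				tr_string_clone_result;
 				break;
 			}
 			val->rs.s += val->rs.len-i;
 			val->rs.len = j;
+			tr_string_clone_result;
 			break;
 
 		case TR_S_SELECT:
@@ -414,6 +426,7 @@ int tr_eval_string(struct sip_msg *msg, tr_param_t *tp, int subtype,
 					val->rs = _tr_empty;
 				}
 			}
+			tr_string_clone_result;
 			break;
 
 		case TR_S_TOLOWER:
@@ -489,6 +502,7 @@ int tr_eval_string(struct sip_msg *msg, tr_param_t *tp, int subtype,
 			if(subtype==TR_S_STRIP)
 				val->rs.s += i;
 			val->rs.len -= i;
+			tr_string_clone_result;
 			break;
 
 		case TR_S_PREFIXES: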
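Review bot: In the new `tr_string_clone_result` macro, `strncpy(_tr_buffer, val->rs.s, val->rs.len)` writes no terminator when the source has no NUL within `val->rs.len` bytes, so the byte the `TR_BUFFER_SIZE-1` check reserves keeps whatever `_tr_buffer` held before, and a consumer that treats the result as a C string would read stale data. The call is also undefined if `val->rs.s` already points into `_tr_buffer`, which may happen when an earlier transformation in a chain wrote there; the buffer selection in `tr_eval_string` lies outside these hunks, so that needs confirming. I would replace the copy with `memmove(_tr_buffer, val->rs.s, val->rs.len); _tr_buffer[val->rs.len] = '\0';`. If `len` is a signed int, the guard should read `if(val->rs.len<0 || val->rs.len>TR_BUFFER_SIZE-1)`, since a negative length passes the current test and becomes a huge copy count. The trailing `;` after `while(0)` in the definition makes every `tr_string_clone_result;` expand to two statements, which breaks under an unbraced `if`/`else`, so it should be dropped.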